2523c3ec9555b43a328e8f4cce550310_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2523c3ec9555b43a328e8f4cce550310_JaffaCakes118
Size

17KB
MD5

2523c3ec9555b43a328e8f4cce550310
SHA1

7a6571489044e347a479a1b07946b9c8af2f9bb7
SHA256

d3b00d9b769e2da51628d4efd61e684e5d3b2e4bd6a6d5a74dba689623cbfd4e
SHA512

fc6e880040daff9772e3f2b9443f9697d6169b9ec557cc3b56ca3aed81e224822bb95f3b1677223956fa30b0b547632758540271d9906c1e148df222f6ca9426
SSDEEP

192:dWXzW2Lf06P90ME8rYZ6HOHxuPklAAXVb8fRWtmuHnOHPjKll5mpVw4+VWAFlR/T:dWDW2Lf06P90Lh5XIR9gnmUVWqlle/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2523c3ec9555b43a328e8f4cce550310_JaffaCakes118

Files

2523c3ec9555b43a328e8f4cce550310_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dba7f477e26578fcbf41f2580003d606

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSAStartup
connect
inet_addr
htons
setsockopt
recv
socket
closesocket
gethostbyname
send

kernel32

ReleaseSemaphore
CreateThread
ResumeThread
GetThreadContext
CreateFileA
SetThreadContext
FreeLibrary
QueryPerformanceCounter
WaitForSingleObject
SetEvent
VirtualFree
WriteFile
Sleep
CreateEventA
CreateProcessA
TerminateProcess
GetEnvironmentVariableA
ExitThread
GetProcAddress
VirtualAlloc
VirtualAllocEx
GetTempFileNameA
LoadLibraryA
CloseHandle
WriteProcessMemory

advapi32

RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ