3070468f261c33d09f5cc3917d44e9f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3070468f261c33d09f5cc3917d44e9f7_JaffaCakes118
Size

44KB
MD5

3070468f261c33d09f5cc3917d44e9f7
SHA1

7018efcef5aae73c49e0c0f9f89b40a2746f4662
SHA256

30cdf2f17e38b812f3670ea62c4607b52d2ebc33c494399e4e089deb9af4c5bf
SHA512

2b5a691e3935fb457a673f0dc54d6b7a3b139736f4ce53505e2f5c654d3adba598d79b6b26ab6658a01838a14b4fcbbd4ac8b31798cbfdabb08b7994e69a54e2
SSDEEP

384:rSs6O0psxprhkbW6bOfmmBZXKp2eagmSycNLEExhehYDPpxc7eP+osu5YPFnNX27:us6zps630TXKp2e9xNLEUxrpTGBo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3070468f261c33d09f5cc3917d44e9f7_JaffaCakes118

Files

3070468f261c33d09f5cc3917d44e9f7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6b552f3ef7e0142bb6a845624e3bb998

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
WSACleanup
shutdown
closesocket
socket
send
__WSAFDIsSet
recv
ioctlsocket
connect
WSAGetLastError
select
htons
gethostbyname
inet_ntoa
inet_addr

dnsapi

DnsRecordListFree
DnsQuery_A

kernel32

GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
SystemTimeToFileTime
GetSystemTime
GetLocalTime
lstrcmpA
Sleep
CloseHandle
CreateThread
LeaveCriticalSection
EnterCriticalSection
lstrlenA
GetTickCount
lstrcatA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
lstrcpyA

user32

wsprintfA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ