36a11afb0738ef110117a1aac10d89a2_JaffaCakes118 | Triage

Sharing

General

Target

36a11afb0738ef110117a1aac10d89a2_JaffaCakes118
Size

8KB
MD5

36a11afb0738ef110117a1aac10d89a2
SHA1

6829d50c18bac3e0b95e670237dfd4d7eca96403
SHA256

a0309e5ee1692614c56476001d04678fdde9c6294b83cb653417c5628d88097f
SHA512

56052bc49bd02edc6b355099d70aa3298236fb74fc5a7440ccfd54b718a46aceb31f76e98c171d4408ef6f52e30a909ee6dd2194ea381fff4d9e5b9f6568f51e
SSDEEP

192:2KvJwxkIMJGInXZV+7eChxJtuCqR9Bx1o:2IGReGIpgimxJtZqR9ra

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36a11afb0738ef110117a1aac10d89a2_JaffaCakes118

Files

36a11afb0738ef110117a1aac10d89a2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2b93db110f62447fd0e50d5209bf4573

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
HeapAlloc
HeapCreate
HeapDestroy
GetPrivateProfileStringA
GetLastError
GetPrivateProfileSectionNamesA
WaitForSingleObject
lstrcatA
lstrcpyA
lstrlenA
SetWaitableTimer
HeapFree
CreateMutexA
CreateThread
CreateWaitableTimerA

user32

wsprintfA

ws2_32

__WSAFDIsSet
connect
gethostbyname
gethostname
htons
inet_ntoa
bind
closesocket
select
send
shutdown
socket
WSACleanup
ntohs
recv
WSAIoctl
WSAStartup

advapi32

RegQueryValueExA
RegCloseKey
RegEnumKeyExA
RegOpenKeyExA

Exports

Exports

HftpRunService
OnLogonEvent

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ