373342b921e9ab50585723a9d5859614_JaffaCakes118 | Triage

Sharing

General

Target

373342b921e9ab50585723a9d5859614_JaffaCakes118
Size

22KB
MD5

373342b921e9ab50585723a9d5859614
SHA1

fb6e06c038b18d86fc5ea598f6927fbba52d5696
SHA256

2629031a606c814f5c617050e3a6ead2acd4cda6c952fc07177f73047accf665
SHA512

9b98576730282d398b7f9095beb2dcdcfc3bf86272aa08ba977163313f42371b287af4d77650af0aee92d8a3e32768e324e81d39045493a2a883fc58485c4d1e
SSDEEP

384:ExlvaZkoVckkwmhzzg9wCqp2igWvvTowsFrDe5n/t0OQ2X9HY8H7ZAybevVirAev:EOZ+jggjsw/t0OH7qxvVirxF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
373342b921e9ab50585723a9d5859614_JaffaCakes118

Files

373342b921e9ab50585723a9d5859614_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17b4ee62ba7871a20a2e4b3e6527ad15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
lstrlenA
Sleep
lstrcmpA
FindClose
UnmapViewOfFile
FindNextFileA
FindFirstFileA
lstrcatA
lstrcpyA
GetVersionExA
CreateThread
GetModuleFileNameA
SetPriorityClass
CreateFileA
CloseHandle
WriteFile
LockResource
LoadResource
FindResourceA
CopyFileA
GetSystemDirectoryA
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
HeapAlloc
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GetFileSize
CreateFileMappingA
MapViewOfFileEx
GetProcessHeap
CreateProcessA
GetCurrentProcess
GetVersion
ExitProcess
TerminateProcess

user32

wsprintfA

advapi32

RegCreateKeyA
RegCreateKeyExA
RegSetValueExA
RegFlushKey
RegCloseKey
RegQueryValueExA

ws2_32

bind
connect
htons
inet_addr
gethostbyname
socket
inet_ntoa
recv
listen
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
closesocket
accept

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ