3a5ed828d723b2adfe7473b5d08d727a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3a5ed828d723b2adfe7473b5d08d727a_JaffaCakes118
Size

67KB
MD5

3a5ed828d723b2adfe7473b5d08d727a
SHA1

b87c6d1f931dba97e0687d70486be5c1c4f46924
SHA256

babdd946f756239f3d871ba73575a596a4eb310fb882d66fb17d075f1467e8d6
SHA512

ad9a8db0509f2db25daeeadfa41dc15bdb312d5dd0496b2e62e35924ad48c406d31026016eaaa6a8f945470169d2d916e8c8c4b0f9b9aa324afe73d584baa6fd
SSDEEP

384:jC3LfLz9FZkak7hgc34sN99efif7LKaTwJ7ZN4Rn5ZpvtGBMwlbTdWMgk00zcJR7:uDGhR4KzqiDLfTS4Rn53tyzFRWszcdq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a5ed828d723b2adfe7473b5d08d727a_JaffaCakes118

Files

3a5ed828d723b2adfe7473b5d08d727a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f60f273e0efde14895bd1e5fe7a25d80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CreateProcessA
GetSystemDirectoryA
GetVolumeInformationA
GetComputerNameA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
DeleteFileA
GetWindowsDirectoryA
TerminateThread
WaitForSingleObject
CreateThread
GetLocalTime
FindClose
FindNextFileA
FindFirstFileA
DisableThreadLibraryCalls

shell32

SHGetSpecialFolderPathA

ws2_32

WSACleanup
gethostbyname
inet_addr
shutdown
recv
WSAGetLastError
htons
socket
setsockopt
connect
WSAStartup
send
closesocket

msvcrt

_strupr
_stricmp
_adjust_fdiv
_initterm
_onexit
__dllonexit
_strcmpi
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memset
memcpy
free
strstr
malloc
sprintf
strncpy
fclose
fwrite
fopen
strcat
rand
atof
atoi

Exports

Exports

GetCoreVersion
Run
StopRun

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ