44349acca6943fd2602d66883e3f79b7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44349acca6943fd2602d66883e3f79b7_JaffaCakes118
Size

33KB
MD5

44349acca6943fd2602d66883e3f79b7
SHA1

8eb6b31e24e25d46cb4b18c78d2f94181db73829
SHA256

31f5df354077a91bb83052ca71691d410b2b9fe8563161db4989fd3e7e261d43
SHA512

b29c91c077e0d0bb2c305db0baff0c7440f285b445d30e55721930473c77ebe3b4f01579fc0a4f4bbcfcd586ad7ff2e36f1da8f9408b4e7896c7d8e3ff23f4ca
SSDEEP

768:8vZbnnxknMt7TL9XN2bS+Tr8x0pAiJzWkuvNo8QNR5nUbQUOiZy:YnxLtHZXmr8GprJzW3aRWQII

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44349acca6943fd2602d66883e3f79b7_JaffaCakes118

Files

44349acca6943fd2602d66883e3f79b7_JaffaCakes118
.exe windows:1 windows x86 arch:x86

90f77e607d7383f980ba5ed32339db1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

shutdown
socket
WEP
WSARecvEx
GetNameByTypeW
htons
NPLoadNameSpaces

urlmon

URLDownloadW
CoInstall
AsyncGetClassBits
WriteHitLogging
CopyBindInfo
RegisterFormatEnumerator
GetClassURL

Sections

.text
Size: 11KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE