Static task: static1
Behavioral task: behavioral1
  Sample: 443920240e6ae19254293b1458e729f5_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 443920240e6ae19254293b1458e729f5_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 443920240e6ae19254293b1458e729f5_JaffaCakes118
Size: 30KB
MD5: 443920240e6ae19254293b1458e729f5
SHA1: adc60d5c3dc1464dfc4505549860707acf82fa50
SHA256: c344dfb3305785f41dee03b20303552746ff64bed1b3f178db6b3c6bf3853438
SHA512: f81b1b92002816df67016190efa4250f86b685a68665104d19ae151e8aba301e00ac8c0a311dc678ab3947760e4db331288aff0628f465e2641ddb442e99dfef
SSDEEP: 384:h09kcRIMcTmOYfE24j3L+EMzf5epV/sHeszjdBgHWs:6KMDbRAMzhI/sHeO
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 443920240e6ae19254293b1458e729f5_JaffaCakes118
Files
443920240e6ae19254293b1458e729f5_JaffaCakes118.exe windows:1 windows x86 arch:x86
bb742e53e1ccdf1e41f8075f326abe3b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
  _lclose
  CloseHandle
  CopyFileA
  CreateMutexA
  CreateThread
  DeleteFileA
  ExitProcess
  FindClose
  FindFirstFileA
  FindNextFileA
  GetCurrentDirectoryA
  GetDriveTypeA
  GetFileInformationByHandle
  GetFileTime
  GetLastError
  GetModuleFileNameA
  GetProcAddress
  GetSystemDirectoryA
  GetSystemTimeAsFileTime
  GetTickCount
  GlobalMemoryStatus
  LoadLibraryA
  OpenFile
  ReadFile
  SetCurrentDirectoryA
  SetErrorMode
  SetFileAttributesA
  SetFilePointer
  Sleep
  TerminateThread
  WriteFile
ws2_32
  bind
  closesocket
  connect
  gethostbyname
  gethostname
  htons
  inet_addr
  inet_ntoa
  recv
  recvfrom
  select
  send
  sendto
  socket
  WSACleanup
  WSAStartup
advapi32
  RegCloseKey
  RegCreateKeyExA
  RegSetValueExA
shell32
  ShellExecuteA
wininet
  InternetGetConnectedState
Sections
.visk Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE