461764fa0aab1daa6c0fa2fb68440d6c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

461764fa0aab1daa6c0fa2fb68440d6c_JaffaCakes118
Size

15KB
MD5

461764fa0aab1daa6c0fa2fb68440d6c
SHA1

381e063b4da1840db748259dfc6c050ff2de30c4
SHA256

17ccfd68c7e341e065c1d5376acc2901434e3226ded03f02e1611a0693be7609
SHA512

03e74320620365bc8130500654862f089f95e7c9cd04ef67ba483c7dad1f7dba8e4b5185cacf5510fe696c136a460f566469d937714c382765f2b24bb4b0e884
SSDEEP

192:o8fUIh34AZVBcgI39MMUcnuywRPaYBMuWs44x9u9:nMm34YBcgMMMI7iYZW94x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
461764fa0aab1daa6c0fa2fb68440d6c_JaffaCakes118

Files

461764fa0aab1daa6c0fa2fb68440d6c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

15a819cf63b16ad1c2e6fbe7d88f71eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateThread
GetLastError
WinExec
GlobalMemoryStatus
GetVersionExA
DeleteFileA
GetTempPathA
lstrcpyA
CloseHandle
CopyFileA
GetSystemDirectoryA
lstrcatA
GetLogicalDriveStringsA
WaitForSingleObject
GetProcAddress
LoadLibraryA
GetTickCount
CreateThread
lstrcmpA
Sleep

user32

MessageBoxA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

msvcrt

printf
atoi
strstr
sprintf
fclose
fread
fopen
fprintf
free
_initterm
malloc
_adjust_fdiv

ws2_32

sendto
socket
htons
gethostbyname
inet_addr
send
connect
WSAStartup
setsockopt
WSASocketA
htonl
closesocket
getservbyname
WSAGetLastError
recv
WSACleanup
inet_ntoa

wininet

DeleteUrlCacheEntry

Sections

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ