4b79a2e3acdd766e7ec477cac712b164_JaffaCakes118 | Triage

Sharing

General

Target

4b79a2e3acdd766e7ec477cac712b164_JaffaCakes118
Size

6KB
MD5

4b79a2e3acdd766e7ec477cac712b164
SHA1

6ec5896bd9c2b615167c313b4eb3908567569c30
SHA256

bdafde125874a5232f666af17032c3d0aac3686d8d15de613181895b0a138e6d
SHA512

79770d6236ec3b5c16a2f4c0198d7aec72319f4707831ea8c682f8a6c731ee691dd0b0821c7651be92b640f65ce72b633fc48f0b286d66a03c67faf2d833dbcf
SSDEEP

96:PujmTMkw0/c6slmyjD/q/SBm3LcMvwjbWqkP6Sw1wgvs/NFFE8s7RktOBeS:2qIRSc6Vp/JYNjbPqXtlbs7RkQAS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/eth2fp.exe

Files

4b79a2e3acdd766e7ec477cac712b164_JaffaCakes118
.zip
eth2fp.c
eth2fp.exe
.exe windows:4 windows x86 arch:x86

a84a598f38b48c7440910cf3313d010d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
malloc
printf
setbuf
signal
strerror
time
tolower

ws2_32

WSAGetLastError
WSAStartup
bind
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
recvfrom
select
sendto
socket

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h