476e18ee8a59941ee29a4863d828f8e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

476e18ee8a59941ee29a4863d828f8e2_JaffaCakes118
Size

109KB
MD5

476e18ee8a59941ee29a4863d828f8e2
SHA1

a225ecaae6421fbca89881445b2adf53666ee03c
SHA256

4dce0d56fa7a7e8aaf04de2f98921a21101e2bed1482e8ab58f39aedfe947cc0
SHA512

f77022b96737661c3d61a2cc688faa9fadb4a81c4fe79b01a2c0f902361363f3e2970b25ae8f18dea06c5bddf04ea7c44711270cff2292dc4dee6d1ea3ae86fd
SSDEEP

3072:W23hhHR9OU84WGw9Mes7tNacQTkIc1lILLPwkTWJ:W2/f8iekzac9IV4kq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476e18ee8a59941ee29a4863d828f8e2_JaffaCakes118

Files

476e18ee8a59941ee29a4863d828f8e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6c772d26c74752b56dfd0cafb7706a4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHAddToRecentDocs
StrRChrIA
StrStrIA

wsock32

WSACleanup
WSAStartup
listen

kernel32

CreatePipe
TerminateProcess
VirtualProtect

gdi32

SaveDC
TextOutW
SetRelAbs
StretchBlt
SetICMMode
ResetDCW
UpdateColors
SetDIBColorTable

Sections

.text
Size: 25KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ