47f77dbd05a58bf75228485f7989e73a_JaffaCakes118 | Triage

Sharing

General

Target

47f77dbd05a58bf75228485f7989e73a_JaffaCakes118
Size

36KB
MD5

47f77dbd05a58bf75228485f7989e73a
SHA1

2e16c04fe6cc04779128d80a3214e7956d5c0828
SHA256

ad3c997fea4347b5bf763f478e4d5fa5e4d5f2729ce08c710abccbae855add67
SHA512

b20a40211fc0e5332b7651d65b0acde0c8b0383f5c2206a701d3ca52d1cd7cdcb745692ac4a3cdef7b0f0a101a701450d1c7fe3a04b6e12b390128c3c2a4d3ea
SSDEEP

768:Zhl/xisOVKMEW2ICHcvX6OcuC1eKTKdGhqWkVFGCufmJ8EHK9R3Y:Zhl/xtOVKU2wdQKdGA8xfAq9Ro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f77dbd05a58bf75228485f7989e73a_JaffaCakes118

Files

47f77dbd05a58bf75228485f7989e73a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d0acb3a11b19da4dd16143d1be3fef91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSAStartup
recv
send
gethostbyname
socket
htons
connect
closesocket
getsockname

kernel32

CreateProcessA
HeapFree
HeapAlloc
GetProcessHeap
GetVersionExA
lstrlenA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
ExitProcess
GetModuleFileNameA
WinExec
Sleep
CreateThread
GetFileAttributesA
lstrcatA
lstrcpyA
GetTickCount
CreateMutexA
OpenMutexA
WaitForSingleObject

user32

wsprintfA
GetKeyboardLayoutList

advapi32

RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE