4968985c3150c83d75713196e224d2b5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4968985c3150c83d75713196e224d2b5_JaffaCakes118
Size

16KB
MD5

4968985c3150c83d75713196e224d2b5
SHA1

d50ba0b0797996bbd64c13205e51eabd89f5902f
SHA256

1f5daf6762e64741e62e4a9b5bf2be1685db4aa198abb06c9721af8411b524fe
SHA512

651eb48e00ae2e0a403ec4a63d3c23655a025d6f118882fda32f0929b7955b06ff27047fa16a9ef8c7d73ca97e178fcc732605254e3edd3225d3aa6c136aae6a
SSDEEP

96:Ey3ckbbVEBmdcloPOpBh1Y9whtUkZskCZ7jCAihf6JMjOZ:EysS6BmIXX1Y9Mt3tCZvLre

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4968985c3150c83d75713196e224d2b5_JaffaCakes118

Files

4968985c3150c83d75713196e224d2b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2db54c66ad6c644c57ae1a5f41c7e0eb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
CreateThread
ExitProcess
TerminateThread
HeapAlloc
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcessId
Sleep
GetTickCount
CopyFileA

user32

MessageBoxA

advapi32

RegCreateKeyA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

ws2_32

inet_addr
gethostbyname
sendto
setsockopt
WSASocketA
closesocket
recv
send
connect
htons
socket
WSAStartup

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE