4a2b85a17d32f867d44b48be1db13956_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4a2b85a17d32f867d44b48be1db13956_JaffaCakes118
Size

38KB
MD5

4a2b85a17d32f867d44b48be1db13956
SHA1

9f75dcc46aa66c256b27428a6a1b9bb1491a400d
SHA256

2e42e50785e97cce2669e3e330bfc25f31d3b2b7e615ec2aca2a56aa5ce72959
SHA512

0e21783a7af91653561ba86c2e5e8b6c4ac3ac0c31941f136c1a0f6ab99a1d0ffa4bd492e0262ed2f3ba4f59fcb01e4b0671004a3da3cc45116bde1a1bd8666f
SSDEEP

384:MkzX/B2CfvICOws9fuy1jWlrM+1Xo3ayESBl/XxJ5td+7NMsAmqj:MkzX/kKIcs9fuw8Xohz5tiNqf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a2b85a17d32f867d44b48be1db13956_JaffaCakes118

Files

4a2b85a17d32f867d44b48be1db13956_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1e0d0bbb07b513bf42e03e3628db072f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDriveStringsA
GetLocaleInfoA
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetDriveTypeA
GetWindowsDirectoryA
ExitProcess
CreateToolhelp32Snapshot
Process32First
FindFirstFileA
FindNextFileA
CreateFileA
GetFileSize
ReadFile
WriteFile
CloseHandle
DeleteFileA
GetComputerNameA
CopyFileA
Process32Next
GetLastError
TerminateProcess
OpenProcess
Sleep

user32

ExitWindowsEx
wsprintfA

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
DeleteDC
CreateDCA

advapi32

RegOpenKeyA
GetUserNameA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA

shell32

ShellExecuteA

wsock32

socket
connect
closesocket
htons
send
recv
inet_addr
ioctlsocket
gethostbyname
WSAStartup
WSACleanup

msvcrt

exit
strcpy
memset
strcmp
strcat
strstr
atoi
strcspn
strncpy
rename
fopen
fread
memcpy
free
fclose
_ftol
malloc
fputc
strlen
printf

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE