4db7de28c2ca751dcb6673758b23507a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4db7de28c2ca751dcb6673758b23507a_JaffaCakes118
Size

40KB
MD5

4db7de28c2ca751dcb6673758b23507a
SHA1

790e0c1fa81c0d62b4aba5d3abd371fa1e5d62a6
SHA256

f2ba24c287ab0f934fab7aa32985ae529acceba06cd75def237209e4144335b2
SHA512

b745df941310f716140b999c3922159a4d9128e7715930aea2cee748b6d357df7d4448ed4f27c78ea2b6dc3f7c7e61415c160e007fa3db3ddf1ce9d365102718
SSDEEP

384:8RBTXMXBpIeB89h+nsBOtzIBREyX6LRpBTXMXBpIe6:gTM3/+z+nEHB6LRfTM3/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4db7de28c2ca751dcb6673758b23507a_JaffaCakes118

Files

4db7de28c2ca751dcb6673758b23507a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f721c1c375913a28dad0e2198f72f511

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineA
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetSystemDirectoryA
GetTickCount
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
OpenProcess
CreateToolhelp32Snapshot
Process32Next
ReleaseMutex
Sleep
TerminateProcess
WaitForSingleObject
WinExec
WriteFile
lstrcatA
lstrcmpiA
lstrlenA
CreateThread
CloseHandle
CreateMutexA
CreateFileA
CopyFileA
Process32First

user32

wsprintfA

wsock32

listen
recv
select
send
socket
gethostbyname
inet_addr
bind
accept
__WSAFDIsSet
WSAStartup
connect
closesocket

ole32

CoInitialize
CreateStreamOnHGlobal

shlwapi

StrStrIA

wininet

InternetGetConnectedState
InternetOpenUrlA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle

advapi32

RegCreateKeyA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegCloseKey

Sections

��lbot
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE