Static task: static1
Behavioral task: behavioral1
Sample: 5dcc3a21707216916973048ef7e9cb1d_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 5dcc3a21707216916973048ef7e9cb1d_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5dcc3a21707216916973048ef7e9cb1d_JaffaCakes118
Size: 10KB
MD5: 5dcc3a21707216916973048ef7e9cb1d
SHA1: 88f05ad2c92c503f7e84cdb22f2aee2eca857631
SHA256: 23b9f4e6581834837a6f72dcb916b06ebcb4a423c5b5c0d02c2455d60f8ae31d
SHA512: fb57c8c85b95420e4cb26bf6fd30ac43784d28e224f8b341e61f83ecbeb62945fd0e56827f28f41dbb5a4caf93ef22d74de207b99217b4626ed115c08e843660
SSDEEP: 192:Q4ZxsbOOEdyf6ry7KTai7Z86o1Ad1EsGRtUW8YyJSNTc5HJSEx:HZf9UfrNi7Z8NAd1GRtUtY6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5dcc3a21707216916973048ef7e9cb1d_JaffaCakes118
Files
5dcc3a21707216916973048ef7e9cb1d_JaffaCakes118.exe windows:5 windows x86 arch:x86
2ad3b3c812d2014eeb7fe9750c80fbc8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
htons
socket
closesocket
WSAStartup
connect
gethostbyname
send
kernel32
VirtualProtectEx
GetWindowsDirectoryA
CloseHandle
CreateMutexA
ReadFile
Sleep
GetVolumeInformationA
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
LoadLibraryA
GetModuleHandleA
lstrcatA
lstrcpyA
SetThreadContext
GetThreadContext
GetTickCount
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
CreateProcessA
ExitProcess
CreateFileA
WriteFile
user32
wsprintfA
shell32
SHGetSpecialFolderPathA
Sections
.text Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 630B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE