Static task: static1
Behavioral task: behavioral1
Sample: 5e1fbea1528a0e6c84cf62c07ce7bdd5_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5e1fbea1528a0e6c84cf62c07ce7bdd5_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5e1fbea1528a0e6c84cf62c07ce7bdd5_JaffaCakes118
Size: 15KB
MD5: 5e1fbea1528a0e6c84cf62c07ce7bdd5
SHA1: 3d8ac85fd18fee4c0278ac68228744a051b56b65
SHA256: b4e6a782098cbd963b9fea2a598caeb19379ab9482fa2b403e0c3c374e76992a
SHA512: 7673a03cc950f24c69288e662c143e32599818d6e3564309e2c3f5c38e4a230fc36de1942203c8e7c7c94075899bc5c9b203fd5cc4713239eb0ec884c5c2b353
SSDEEP: 384:AiaZcNkX6Vx0rMWUISjtTnSBQ/yqNvB/ddtO:6ZHstTnd/ZvB/hO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5e1fbea1528a0e6c84cf62c07ce7bdd5_JaffaCakes118
Files
5e1fbea1528a0e6c84cf62c07ce7bdd5_JaffaCakes118.exe windows:4 windows x86 arch:x86
cc59ec94027321fde1c3b36f58271b90
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CloseHandle
WriteFile
CreateFileA
LockResource
LoadResource
CreateThread
CreateProcessA
GetModuleFileNameA
GetSystemDirectoryA
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
lstrcmpA
FindResourceA
CopyFileA
lstrlenA
GetVersionExA
Sleep
GetCurrentProcess
TerminateProcess
ExitProcess
user32
wsprintfA
advapi32
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegCreateKeyA
RegFlushKey
ws2_32
htons
inet_addr
gethostbyname
socket
inet_ntoa
connect
bind
closesocket
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
recv
accept
listen
Sections
.text Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ