5c6e62c6a1452a65f74d546678e1f953_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5c6e62c6a1452a65f74d546678e1f953_JaffaCakes118
Size

8KB
MD5

5c6e62c6a1452a65f74d546678e1f953
SHA1

ae3e3fc6f09cbb26620bb8ae873a153aee964a34
SHA256

33b3f722e0735f40102f393d699611bf58fb0dade9bcc27238bad7a6daae152c
SHA512

afc0a5f36200b3c3e7d66fe946e5f2390caacfabdc67536f872356db25a4d8d3f849aa0e085a8d34d089d73e7ee4fbead94e304914f52dfc3677b8480b1de3f3
SSDEEP

192:AJBpOSe09ia41VWpnx/YO14aJlkPsoat08oKLGzZ50:AJBp59QwW6Hno40816I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c6e62c6a1452a65f74d546678e1f953_JaffaCakes118

Files

5c6e62c6a1452a65f74d546678e1f953_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5945e8b646f970c72bbb5e68ba6f8efb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\KLv4.0\KeyLogger\trunk\MiniSendMail\Release\MiniSendMail.pdb

Imports

kernel32

HeapDestroy
lstrcatA
lstrcpyA
GetComputerNameA
GetEnvironmentVariableA
lstrlenA
GetCommandLineA
Sleep
SystemTimeToFileTime
GetLocalTime
GlobalFree
HeapFree
GetVersionExA
CloseHandle
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GlobalAlloc
ReadFile
GetProcessHeap
GetFileSize
CreateFileA
HeapAlloc
GetSystemTime
HeapCreate

user32

wsprintfA

advapi32

RegQueryMultipleValuesA
RegOpenKeyA

ws2_32

WSACleanup
closesocket
connect
recv
inet_addr
htons
socket
WSAStartup
send
gethostbyname

shlwapi

StrToIntA

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE