605392a1ba8cd74dbf85945dcc432be6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

605392a1ba8cd74dbf85945dcc432be6_JaffaCakes118
Size

7KB
MD5

605392a1ba8cd74dbf85945dcc432be6
SHA1

9f7af484302ca5a4710af83246d17d34f1942414
SHA256

341f9903024e7b798af01214f1af4f82c7cf156d712387973b93db674af6b795
SHA512

4df62e168aa88ca7dc553bb1ce481d901d0ee678c25d11c0599fdda3d9bcee4b62c8fd7ea6714cc271e50e3f428fe1d1f3f42a0d15a0737a2affa81b02064fbf
SSDEEP

96:pHXZQwW++W3j3SELbbdklyaW/yK/BmSwkJNswmf2:pHXZ93P01K/BtwkJ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
605392a1ba8cd74dbf85945dcc432be6_JaffaCakes118

Files

605392a1ba8cd74dbf85945dcc432be6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e72510fd469052e99e8b95aae4cf674

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetDriveTypeA
GetFileSize
GetModuleFileNameA
CreateFileMappingA
GlobalFree
MapViewOfFile
ReadFile
SetCurrentDirectoryA
Sleep
UnmapViewOfFile
WaitForSingleObject
WriteFile
CreateFileA
CopyFileA
GlobalAlloc
CloseHandle

wsock32

socket
select
connect
closesocket
WSAStartup
gethostbyname
send
recv

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

user32

MessageBoxA

Sections

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 1024B - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE