6002a3022fad39c3e3f6aa6a7c05afe6_JaffaCakes118 | Triage

Sharing

General

Target

6002a3022fad39c3e3f6aa6a7c05afe6_JaffaCakes118
Size

308KB
MD5

6002a3022fad39c3e3f6aa6a7c05afe6
SHA1

db937081ebab1f32d8307b584b6aaf1a3666a8a9
SHA256

be90f3564f2f9e7c426374b9d9fc968b206791a531bb230d03f8a25ac6314254
SHA512

0fd21df0a6334ac9051238d27682cae52797afd8b870ebbb97457b9d2cfd7b4fc090db34ce647ec1acb72fe1ef01d982c52b70903361be40ab3b7acd4d68b074
SSDEEP

3072:G5V3zfg1CgtxtYiul70eTIwTBfXlyd7s997:G5SUgtJgTjTBPlyd7s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6002a3022fad39c3e3f6aa6a7c05afe6_JaffaCakes118

Files

6002a3022fad39c3e3f6aa6a7c05afe6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

01055a9ebdc4f9f4ad5daa5e1551cc30

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile
InternetQueryDataAvailable

ws2_32

getsockname
setsockopt
getpeername
recvfrom
recv
sendto
send
bind
connect
listen
accept
socket
__WSAFDIsSet
closesocket
shutdown
gethostbyname
gethostname
WSAIoctl
WSAGetLastError
WSAStartup
select
ntohs
ntohl
ntohs
inet_ntoa
inet_addr
ntohl

kernel32

GetProcAddress

gdi32

EqualRgn

Exports

Exports

_crt_debugger_hook

Sections

.decoder
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE