6189f39be9393ac9da15414c2339c75e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6189f39be9393ac9da15414c2339c75e_JaffaCakes118
Size

23KB
MD5

6189f39be9393ac9da15414c2339c75e
SHA1

8e428507a3365e693319b16aff56fac216f45757
SHA256

524c85b7bb009d78dea558f31edf2144426cc5294d85e7cbfcffb945f223eca3
SHA512

2aa15dfa281e48cc9e9acf92bf47b019df8f647deab4c22b91e9fd909c65689fa0fa7daf185d929beaf5fae7008e7bf76ded521a96e5e082d051b9f8946dc977
SSDEEP

384:CmcOWCiXnJ1GWcST0ZdzmSTbYUFXGn990EpIU8LwMzn9h:CBaC1GWctzwUFXG9qnLwMzX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6189f39be9393ac9da15414c2339c75e_JaffaCakes118

Files

6189f39be9393ac9da15414c2339c75e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f00a34b463ff47c6ef274b1f0d421d95

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

shutdown
htons
connect
WSAStartup
WSAGetLastError
recv
socket
closesocket
gethostbyname
send

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
Sleep
CreateFileA
GetFileSize
lstrcmpA
SetFilePointer
lstrlenA
GlobalAlloc
ReadFile
lstrcatA
GetEnvironmentVariableA
SetCurrentDirectoryA
FindFirstFileA
GetProcAddress
GlobalFree
LocalAlloc
FindNextFileA
LoadLibraryExA
IsDebuggerPresent
CloseHandle
lstrcpyA
lstrcpynA
GetShortPathNameA
GetModuleFileNameA

user32

wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
GetCurrentHwProfileA

shell32

SHGetSpecialFolderLocation
ShellExecuteA
SHGetPathFromIDListA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ