6815a2764f68ec83603e65807f84410f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6815a2764f68ec83603e65807f84410f_JaffaCakes118
Size

12KB
MD5

6815a2764f68ec83603e65807f84410f
SHA1

b5f22e1b3c0223fb77d574eda4297bccd38e208e
SHA256

bbfb6eed55101f385b2bfb7d87db1d679bec195c9c7405394d97a29755a6f19c
SHA512

b76ad701427c5e8b4f600e4eef72c5ca6f6f4d844cdf0968e62bc6c2970c4aa402ee00c11b8dddab74888c8037c82214aead35f529e7c52aa79150d39a13b2f0
SSDEEP

192:89e0ec2To1mJMBM3lJUo9UfUyXqB88YVnuyyQpOEWBdTQsi5te9O8N/B6mQKucbb:8U5VMBMko9UfUVn8xwi5te9O24mp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/starteamz.exe

Files

6815a2764f68ec83603e65807f84410f_JaffaCakes118
.zip
show_dump.h
starteam.h
starteamz.c
starteamz.exe
.exe windows:4 windows x86 arch:x86

1328ae3f9303a9e0b127a8a048f04f1c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fgets
fprintf
free
fwrite
malloc
memcpy
memset
printf
puts
setbuf
signal
strerror
strlen
strncpy
toupper

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recv
select
send
socket

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h