73feffeaa2989eb0234bbeb127f931ef_JaffaCakes118 | Triage

Sharing

General

Target

73feffeaa2989eb0234bbeb127f931ef_JaffaCakes118
Size

11KB
MD5

73feffeaa2989eb0234bbeb127f931ef
SHA1

61ff01850b0d52fb23b01e3c3e763a811eca095c
SHA256

5927e43efe43cc972d6b7107bf4f2f76731fe4baa3c52aa1bb0f1534a541d3c7
SHA512

2789ae977d71af6814c8dfe06f1d208c461a4c2693934508660933fc4962936ff23c64f239509970ad9a56bc5c6d91f1cb7e0c3556c4ab5a44e47d2d1b8dd38e
SSDEEP

192:G/caVEdKaYqHpMJ8kpHgw7a+c/3cOJMoxUO+1EdmJvBQO3wRVAYrl8wTtKhq7b4:FaVaVTpMJfifsOSoxUedmh+O3wRCcl8h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/crysislog.exe

Files

73feffeaa2989eb0234bbeb127f931ef_JaffaCakes118
.zip
crysislog.c
crysislog.exe
.exe windows:4 windows x86 arch:x86

4521b851b35d05020044fcc29a6395a6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fputc
fwrite
memset
printf
puts
setbuf
signal
strerror
time
toupper

ws2_32

WSAGetLastError
WSAStartup
bind
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recvfrom
select
sendto
socket

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 368B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h