74a09f99b8592dd8167c83217dc8e6bb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

74a09f99b8592dd8167c83217dc8e6bb_JaffaCakes118
Size

11KB
MD5

74a09f99b8592dd8167c83217dc8e6bb
SHA1

5a4ead46e92350759455a84f38d6f521b90ef180
SHA256

a1cc29cb4ce6677b2acfd3089560809c7b97622e7db29627aa31c276a66176b1
SHA512

e920872879d3af9b7fd541db1dd07120fb954890b354c9a38fdc5228675525ba054cf67395f4610f1f959f8f67dbaae4e1e6908c8f20d82f88e8014a7713a81d
SSDEEP

192:XgK8jZDVvapU3a9HNkX9jtVkQqp3rJXw3uxWhLjJGcxebbJr:XgK8ZVyiGHNK1tVk3hVXUhHAaMbJr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74a09f99b8592dd8167c83217dc8e6bb_JaffaCakes118

Files

74a09f99b8592dd8167c83217dc8e6bb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ba7f4f3217a89c2ad6fe455148425467

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

WaitForInputIdle
EndDialog

kernel32

GetProcessHeap
HeapFree
OpenMutexA
GetModuleHandleA
SleepEx
lstrcatA
lstrcpyA
lstrcpynA
GetModuleFileNameA
CreateThread
CloseHandle
RtlZeroMemory

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

ws2_32

WSAStartup
accept
bind
closesocket
connect
gethostbyname
ioctlsocket
listen
recv
select
send
setsockopt
shutdown
socket

ntdll

RtlAllocateHeap
RtlExitUserThread

Exports

Exports

mekomdo

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ