Static task: static1
Behavioral task: behavioral1
Sample: 84d7aff156ba0570bd82d447086f168c_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 84d7aff156ba0570bd82d447086f168c_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 84d7aff156ba0570bd82d447086f168c_JaffaCakes118
Size: 16KB
MD5: 84d7aff156ba0570bd82d447086f168c
SHA1: 809f37b37228e1a505fdc875f487836ac3285a16
SHA256: 4711f4152f54f923b64fcdcd29c3ebeff5234030f5de3b5b4b73a8eb9fa075ac
SHA512: ab8fd285a3860445488be1aa93b263bb61d30c2a5ec92dced0fac137533150dbb906ff8df8fe1e4fb3b0eac07415b5a9544dc1624184a86cdb4102c5a58f864f
SSDEEP: 96:7/Hyccc2HcD7FGIqlqlNq/Dq5ftURkokCZ7eCAih/6JMjOZ:bycV28vFGIiwNykV3LCZ6Lze
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 84d7aff156ba0570bd82d447086f168c_JaffaCakes118
Files
84d7aff156ba0570bd82d447086f168c_JaffaCakes118.exe windows:4 windows x86 arch:x86
1010e79620199d27a90d2a1d575c6eaa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetProcessHeap
CreateThread
ExitProcess
TerminateThread
HeapAlloc
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetCurrentProcessId
Sleep
GetTickCount
CopyFileA
user32
MessageBoxA
advapi32
RegCreateKeyA
RegCloseKey
RegSetValueExA
shell32
ShellExecuteA
ws2_32
inet_addr
gethostbyname
sendto
setsockopt
WSASocketA
closesocket
recv
send
connect
htons
socket
WSAStartup
Sections
.text Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 4KB - Virtual size: 748B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE