85bf1921b901196306cb4cbfbed00841_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85bf1921b901196306cb4cbfbed00841_JaffaCakes118
Size

42KB
MD5

85bf1921b901196306cb4cbfbed00841
SHA1

f4504da13cf39c30ca9e13cb2db8f6192a062d71
SHA256

703054d0163c0fc7351697b438002021bfebaa8906925a6181da18c12a17a440
SHA512

51ff6e23194d388f6e4f6bb7ed4857059f57b93d290f8ae322739ca901372e467176342459d7445cb6585dc9839cecef6c0346bfb781bcb9e75cf704d246fb7d
SSDEEP

768:5QsvpoY8V+uQddF7c/Mwjdqomz4pUiYtO9xmHR0+SNe3sKblYaRPR0NRU:5liYc+Vt3wxqUWiEO9oVS07bbRZ0NC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85bf1921b901196306cb4cbfbed00841_JaffaCakes118

Files

85bf1921b901196306cb4cbfbed00841_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e5031d5ae994f013aaf22fd120729d4a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CreateAsyncBindCtx
DllCanUnloadNow
Extract
IsAsyncMoniker
IsValidURL
URLDownloadW
ZonesReInit

wsock32

gethostbyaddr
listen
WSACleanup
sethostname
WSAGetLastError
accept
bind

Sections

.text
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE