85fa911c61fc8eacfe4dbf4f9a7e1c24_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85fa911c61fc8eacfe4dbf4f9a7e1c24_JaffaCakes118
Size

7KB
MD5

85fa911c61fc8eacfe4dbf4f9a7e1c24
SHA1

fb5bfe95ff8e2c98ff3e2fdd46cf6b33997cf735
SHA256

33723aeb153fd714e07663e602b60a17b97a3c8def7e88834c81341285cd0e98
SHA512

2800f1df1528411bf8143f1a24ec00435de2951f75da44f779030b1436b6de33a4b8e156dfbf2ae0b22e7e8b46ec55a8b3682b0b44d7aca86a3d6d12238fdf08
SSDEEP

192:bMniLZZ8iOkkr7Fg8OvSA1ngiL+h5RkQA9:dZGi3kr7DOvScgiL+91w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mtw2client.exe

Files

85fa911c61fc8eacfe4dbf4f9a7e1c24_JaffaCakes118
.zip
mtw2client.c
mtw2client.exe
.exe windows:4 windows x86 arch:x86

d4e6287500e1754d49adeb34c4f56a2e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
exit
fprintf
fwrite
malloc
memcpy
printf
setbuf
signal
strerror
tolower

ws2_32

WSAGetLastError
WSAStartup
bind
htons
inet_ntoa
ntohs
recvfrom
sendto
setsockopt
socket

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h