8699f193f11afa49672881294b0ae18e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8699f193f11afa49672881294b0ae18e_JaffaCakes118
Size

84KB
MD5

8699f193f11afa49672881294b0ae18e
SHA1

0204c28d662013149b860c64120e727a304963e5
SHA256

8fe0207a8ac5d3512a1ff18a49b366e68a74761ad64c3462566352012d1a99f5
SHA512

0805965d4395f62d63a6bdfecdc83503a51128a08767b94522f4dd63ec7d9f3cf3224b0699085a54d9c54ee110b91fa20a042e18b8cdca9cb5eb3672c76d5c78
SSDEEP

768:M3dN3nOExyBRzwSqu/Ru0rOze3C1x8orhTz5JqNQBWq7kMFmB/J3OvGPgUUy72AK:Mz3OEYZrMe6rhTna72zIOinToIftU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8699f193f11afa49672881294b0ae18e_JaffaCakes118

Files

8699f193f11afa49672881294b0ae18e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7b94b3fff6a63870eecc4387dad06b91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

send
WSAStartup
recv
bind
listen
accept
inet_addr
gethostbyname
htons
connect
closesocket
socket

shlwapi

wnsprintfA
StrStrIA
StrStrA

advapi32

CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptGenKey
CryptExportKey

kernel32

ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
TerminateThread
CloseHandle
HeapAlloc
FileTimeToSystemTime
lstrlenA
GetLastError
CreateThread
GetProcessHeap
HeapReAlloc
IsBadWritePtr
HeapFree
GetTickCount
CreateMutexA
ExitProcess
Sleep

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ