87436a071d3c88a920348b360a720251_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

87436a071d3c88a920348b360a720251_JaffaCakes118
Size

14KB
MD5

87436a071d3c88a920348b360a720251
SHA1

0772ff8eee4cff3b198ef6d70085da238f7766a0
SHA256

07b9769b7526a1c60defbac9a46166babebd3eab2ab01dcd957085978ff330c1
SHA512

40ed57ae4ee63b9b79aa8d5dec845f2dc0e6b0f7b53240b51dae2a9019c8ba79c33e45a838264563d55479bd9447fca7bec9a4687f28ac2ea494c36b43e41d85
SSDEEP

384:Z/EFrEo4jtR0sWb/DeQG/1q0y0lruhFAfmc41:Z/KjoOsg/SLrlsFAf2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
87436a071d3c88a920348b360a720251_JaffaCakes118

Files

87436a071d3c88a920348b360a720251_JaffaCakes118
.exe windows:4 windows x86 arch:x86

867dc1053f2680b810b52b5a9cec6313

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
wsprintfA

kernel32

Sleep
CloseHandle
CopyFileA
CreateFileA
CreateThread
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetComputerNameA
GetDriveTypeA
GetFileSize
GetLogicalDriveStringsA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
RtlMoveMemory
RtlZeroMemory
SetCurrentDirectoryA
SetFilePointer
GetCommandLineA
WinExec
WriteFile
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrlenA

wsock32

htons
closesocket
socket
send
recv
connect
gethostbyname
inet_addr
WSACleanup

advapi32

GetUserNameA

shell32

ShellExecuteA

wininet

InternetConnectA
InternetCloseHandle
FtpSetCurrentDirectoryA
FtpPutFileA
InternetOpenA

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE