884131841cc79b0967329788854baf17_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

884131841cc79b0967329788854baf17_JaffaCakes118
Size

17KB
MD5

884131841cc79b0967329788854baf17
SHA1

931cc83a686c3329020fc71df9f9fcdc45ae2482
SHA256

c08d9c896b680e3a2e67acbb37182a57d07f8007d628bd15b28fe581156afaa4
SHA512

1d491f3c3a8d6520ecd9a8ba74991faddcec114c653620d2a740ecbbc6640d8c620ab726825506d00a1d440c9a3824a8ab3c7d2a7e2663f4cb32a70b1d39f7dd
SSDEEP

384:QuXbTAR3soXtwVXmeptCnUF2jH47McWUAUZOUGk:QuX/E3soXtwVXmept2UFoMHXZO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
884131841cc79b0967329788854baf17_JaffaCakes118

Files

884131841cc79b0967329788854baf17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2e528146130fb5cfa546be8f1f3280df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitThread
GlobalUnlock
CreateMutexA
GlobalAlloc
CreateDirectoryA
SetFileTime
CloseHandle
GetFileTime
CreateFileA
SearchPathA
WaitForSingleObject
Sleep
ExitProcess
CreateThread
GetLocaleInfoA
GlobalLock
GetTickCount

user32

FindWindowExA
PostMessageA
SendMessageA
IsWindow
keybd_event
SetForegroundWindow
ShowWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowA

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

ws2_32

sendto
ntohl
htonl
htons
WSAStartup
socket
connect
recv
closesocket
WSACleanup
inet_addr
inet_ntoa
send
gethostbyname

msvcrt

rand
_snprintf
srand
strncpy
atoi
strstr
strtok
printf
fprintf
fclose
fgets
fopen
strncat
sprintf

Sections

.data
Size: 17KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE