Static task: static1
Behavioral task: behavioral1
  Sample: 8846a97c4b45695ad96125b14d8405ab_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 8846a97c4b45695ad96125b14d8405ab_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 8846a97c4b45695ad96125b14d8405ab_JaffaCakes118
Size: 14KB
MD5: 8846a97c4b45695ad96125b14d8405ab
SHA1: 9549cc9b969226f53929f2bcd2292c8bea0e97a2
SHA256: f5d02fa1ded13ff05a66f315b98be1f23e6319690b17c92b9ce3daf2c5f39340
SHA512: 4f025ebedbbb642f3a8dccc731cc97a3ef1be0f0ebc05e5e94e41cb5af68a6227460ce19e2f8bf9b4730cfaf1963ba31e0b06acb84fbfd86183309a0677704b9
SSDEEP: 192:nZWhhf2QbvMdJ95jFjR2ba5Z1Bj0cLpMRJahz7IvHw673u0CUqeaQe1uBpK9DE:n4n109QYjKQOFJ5aQe1ua9D
Malware Config
Signatures
Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: 8846a97c4b45695ad96125b14d8405ab_JaffaCakes118
Files
8846a97c4b45695ad96125b14d8405ab_JaffaCakes118.exe windows:4 windows x86 arch:x86
a06cbf3bf3ef90d63132e2d63de7942a
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
ntdll: RtlRandom, strncpy, atoi, strstr, _itoa, memset, memcpy, _chkstk
ws2_32: getpeername, gethostname, inet_ntoa, htonl, WSAGetLastError, htons, getsockname, setsockopt, __WSAFDIsSet, gethostbyname
kernel32: DeleteFileA, GetCurrentProcessId, CloseHandle, GetModuleHandleA, GetModuleFileNameA, CopyFileA, ExitProcess, CreateFileA, SetFilePointer, GetTickCount, ExpandEnvironmentStringsA, WriteFile, GetProcAddress, SetCurrentDirectoryA, GetLastError, Sleep
advapi32: RegCloseKey, ControlService, OpenSCManagerA, QueryServiceStatusEx, RegCreateKeyA, RegQueryValueExA, RegSetValueExA, OpenServiceW, CloseServiceHandle
Sections
.text (Size: 10KB, Virtual size: 9KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data (Size: 2KB, Virtual size: 2KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE