8bc78d92a754cb979d7349e059f4efac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bc78d92a754cb979d7349e059f4efac_JaffaCakes118
Size

9KB
MD5

8bc78d92a754cb979d7349e059f4efac
SHA1

131721a73e7baf2b3a6410a086f1c477aebe69c1
SHA256

2cffee602fcd82e54adbba2e50271654b8e958d46f090be1a560e907728f0c9b
SHA512

34c84ad143c3a9f1bd2a3568f3f8c864b43539751015b2f25badb782a316fce233b25c9ee8111b0e659398fa83a53a7a0afcc4b1347b7def191bb47483850830
SSDEEP

192:GXXHId0His/wG5lj8IUv79MbQVtKOHM+LSorF8ibo:GnHII5t8IUZ7txaO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bc78d92a754cb979d7349e059f4efac_JaffaCakes118

Files

8bc78d92a754cb979d7349e059f4efac_JaffaCakes118
.dll windows:4 windows x86 arch:x86

60e5a027c14e67fc8c9c3d29aa45d990

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
CreateMutexA
GetTickCount
Sleep
CloseHandle
CreateThread
lstrcpyA
lstrlenA
ExitThread
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex

user32

wsprintfA

main

ConfGetPlgNode
ConfAllocGetTextByNameA

ws2_32

closesocket
WSAGetLastError
send
connect
socket
WSAStartup
sendto
htons

dnsapi

DnsQuery_A
DnsRecordListFree

Exports

Exports

DispatchCommand
DispatchEvent

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ