a03fcd3fa90134583d422497ce1959ec_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a03fcd3fa90134583d422497ce1959ec_JaffaCakes118
Size

13KB
MD5

a03fcd3fa90134583d422497ce1959ec
SHA1

7bd8005518191bcd32b22f7fe3e6cc14a660948b
SHA256

1e088a4f65f10b24ac5031ca5adda9e7004e178d9e8e37e041bcffa8dd11d449
SHA512

435d3ffbb7c7e5522d090951a09242f100ffa5e89a37b44099835ebc35e0d33089dc30c4449ba3e32fa05f3c58d8a37aab0492f058fd024848694e5b72e28a1c
SSDEEP

192:WGd1Xxl97JeMO7OrxzzjWFnn885vWwNXzhQ+GU1r3TiD8I4ksq5vDZYzXoDtN0NT:z99HOmzy3jho5osZlYzXoDtkegHZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a03fcd3fa90134583d422497ce1959ec_JaffaCakes118

Files

a03fcd3fa90134583d422497ce1959ec_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6cce27452cf85e68107e2bbfdf043b67

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
CloseHandle
ReadFile
SetFilePointer
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
WriteProcessMemory
GetCurrentProcess
Sleep
ExitProcess
TerminateProcess
RaiseException
FlushFileBuffers
GetTimeZoneInformation
GetSystemTime
GetTickCount
GetModuleFileNameA
OutputDebugStringA

ws2_32

socket
inet_addr
htons
closesocket
recv

wininet

InternetOpenA

user32

CharLowerA

msvcrt

_strupr
_stricmp
_wcsicmp
_adjust_fdiv
_initterm
memcmp
strchr
free
strcpy
strlen
malloc
strstr
strcmp
strncpy
sprintf
memcpy
_except_handler3
strcat
time
memset
strrchr

Exports

Exports

W

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ