a16a71ae6464fb1f1a19c3dabcff14e9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a16a71ae6464fb1f1a19c3dabcff14e9_JaffaCakes118
Size

465KB
MD5

a16a71ae6464fb1f1a19c3dabcff14e9
SHA1

133adeab18e913dfae16aedf141426d1e1a7d5ef
SHA256

748caaea7156c66c8762797c0207e4261c05a17f2461522ea57dc43de4acbee1
SHA512

0d6bb0f8b95f44767a8f3388f2727a1e362edf0dbc40fda27096da2a201622804a5f3a8bf3ff730c02c7bd2bb6e93cd0149582ef787b028c811d2377436ffbaf
SSDEEP

12288:NlBQe6sGeEke9pk6nvFfj9RCoc9afONFPE/qc:/BV4e0kQfnfc9afOLPKqc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Router_Syslog.exe

Files

a16a71ae6464fb1f1a19c3dabcff14e9_JaffaCakes118
.zip
My_IP.txt
Router_Syslog.exe
.exe windows:4 windows x86 arch:x86

a651e518ace96412dba159ec16a78ac2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExA

user32

GetKeyboardType

gdi32

UnrealizeObject

version

VerQueryValueA

mpr

WNetGetConnectionA

olepro32

OleLoadPicture

ole32

CreateStreamOnHGlobal

comctl32

_TrackMouseEvent

shell32

Shell_NotifyIconA

winspool.drv

OpenPrinterA

comdlg32

ChooseColorA

wsock32

gethostbyaddr

Sections

.text
Size: 345KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
config.cfg
info.txt
myip.php
port.csv
script/connect.cmd
script/disconnect.cmd