a1fb20b2ff27eb27b8ec4a7fcd8bb8df_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1fb20b2ff27eb27b8ec4a7fcd8bb8df_JaffaCakes118
Size

6KB
MD5

a1fb20b2ff27eb27b8ec4a7fcd8bb8df
SHA1

824ff750db0fa95b33d087397eee0ddba0459b3c
SHA256

d4430c7016a667b5956bca58c06e4a4507e6ef635b69576c6bd52e2bfb3c7b0e
SHA512

576fb5649aace7c282932e52cd227c70d47d2459d419c1084b1a7cd9c290338dc358400c1c41d88c9291063b12e46a070e4ad57e0933e02898f35fa87d34d221
SSDEEP

96:Z9qrQnu8zyvLvHX5POifFhuatHafIRMKLLgXVWj5af9ye39q/w1:ZcX9DZOQFwmeGMGLSV6aVIw1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1fb20b2ff27eb27b8ec4a7fcd8bb8df_JaffaCakes118

Files

a1fb20b2ff27eb27b8ec4a7fcd8bb8df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c11be6ab1f5d5c9ddee3f8dc3ef125b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
CreateThread
GetModuleFileNameA
Sleep
CreateEventA
GetLastError
HeapFree
HeapAlloc
GetProcessHeap
lstrlenA

ws2_32

socket
connect
htons
inet_addr
WSAStartup
ioctlsocket
send
__WSAFDIsSet
shutdown
closesocket
recv
select

dnsapi

DnsQuery_A
DnsRecordListFree

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE