a1d7c33069284d47a32d180f6e56fe6d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a1d7c33069284d47a32d180f6e56fe6d_JaffaCakes118
Size

10KB
MD5

a1d7c33069284d47a32d180f6e56fe6d
SHA1

419fea1f055bde79591d9d1f9d6eea9c151cfe6f
SHA256

69eae151c1b78497fcf6ebdc3fdedfc8dea4e51556980525bbc41b059f199c2c
SHA512

1bffc94a9e1ce7f962ebd31750e8cd10ef8ea88b92bf39a1809fa75e8394cab624b896f36e901a9c662ed6f5062aa75bdfef78d3ad592c615fec2bf32645b414
SSDEEP

96:9HDN2hTvzPqAurD0FTr/z0PmwrD3AuzPfG4NqnlydUYdl5nHBl/ZhquQ0YpdTe0r:9HDN2ZOiMEBuqlUdjBBjobL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1d7c33069284d47a32d180f6e56fe6d_JaffaCakes118

Files

a1d7c33069284d47a32d180f6e56fe6d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

96296042b7ec293331cb836395f82252

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ContinueDebugEvent
CreateFileA
CreateRemoteThread
CreateThread
CreateToolhelp32Snapshot
GetFileAttributesA
GetModuleHandleA
GetProcAddress
GetTickCount
Module32First
Module32Next
MoveFileA
MoveFileExA
OpenProcess
Process32First
Process32Next
ReadFile
RtlZeroMemory
Sleep
VirtualAllocEx
WriteFile
WriteProcessMemory
lstrcmpiA
lstrcpyA
lstrlenA
GlobalAlloc
GlobalFree
WinExec

ws2_32

WSACleanup
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
recv
select
send
socket

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ