a28c7d38b0239b79133239a71d9b34a7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a28c7d38b0239b79133239a71d9b34a7_JaffaCakes118
Size

13KB
MD5

a28c7d38b0239b79133239a71d9b34a7
SHA1

a13b81773c04a774f602bfec941916d77acecc83
SHA256

5c17a4b48d9256d8743a60710bdd8138a1bd1aab9a78a6335f56ca15dedd8fca
SHA512

2f71bbdfce0d21ca200fc3d85d4d4e2ec6ed1b7e6675cf36e93d94c5103a2ff077a1c6dbc57350d0d7c17477b4be7b3337ba504465af20ac319a143ad3cf4a06
SSDEEP

384:1CB4fiPyyA+6EqgT9EZq6HVLyxPB50kHu+FgB/eH4N1yA:1CBUi6h+99wX2xgymB/tNT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gslogincheck.exe

Files

a28c7d38b0239b79133239a71d9b34a7_JaffaCakes118
.zip
gslogincheck.c
gslogincheck.exe
.exe windows:4 windows x86 arch:x86

83a614d8d10f1e8a277f9f2ef9a44436

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

_strdup
_strnicmp
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
_vsnprintf
atexit
atoi
exit
fprintf
free
fwrite
malloc
memcpy
printf
puts
setbuf
signal
sprintf
strerror
strlen
time

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recv
send
socket

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 176B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
md5.c
md5.h
winerr.h