a2c6e44e7cce0097dd51fa291abe953b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a2c6e44e7cce0097dd51fa291abe953b_JaffaCakes118
Size

82KB
MD5

a2c6e44e7cce0097dd51fa291abe953b
SHA1

1cb7695c5bac571dd0db95fd3f41b597cde0d6c7
SHA256

939a8546cbf30109ebd4503e008234b7dc32cccaa155ce854f39b27946913bb8
SHA512

4ed99afd7f3f81677dc5f5775a673fcfa556bf64c7cf253c64668e8a215959da0eca38a0e8d9430b392aab55873c94175747ac5afb2b17f14534eb502c7a3ec0
SSDEEP

1536:BI4oilEuX2JDieWt1Ptk7xkT97zSF4KxoSChMo420ADC1KakjQRu:BI4flEuX2JD2PW7apfW4gshLaADC1KXL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2c6e44e7cce0097dd51fa291abe953b_JaffaCakes118

Files

a2c6e44e7cce0097dd51fa291abe953b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e390d1f30f8f14adc9cac2def3cde4de

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
HeapFree
lstrcmpA
FindClose
FindNextFileA
UnmapViewOfFile
Sleep
FindFirstFileA
lstrcpyA
FreeLibrary
VirtualAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
CreateThread
lstrcatA
GetFileSize
GetCurrentProcess
CreateProcessA
WriteFile
LockResource
LoadResource
FindResourceA
CopyFileA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GlobalMemoryStatus
GetSystemTime
HeapAlloc
GetModuleHandleA
GetVersion
GetEnvironmentVariableA
CloseHandle
CreateFileA
GetProcessHeap
CreateFileMappingA
MapViewOfFileEx
GetModuleFileNameA
SetPriorityClass
GetCurrentProcessId
TerminateProcess
ExitProcess

user32

wsprintfA

advapi32

RegSetValueExA
RegFlushKey
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
GetUserNameA

ws2_32

connect
htons
inet_addr
gethostbyname
socket
inet_ntoa
send
closesocket
recv
bind
htonl
WSAGetLastError
__WSAFDIsSet
select
ioctlsocket
gethostname
WSAStartup
accept
listen

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ