Static task: static1
Behavioral task: behavioral1
Sample: a8bb1744bedf43849ed808b7dfa32da4_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a8bb1744bedf43849ed808b7dfa32da4_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a8bb1744bedf43849ed808b7dfa32da4_JaffaCakes118
Size: 5KB
MD5: a8bb1744bedf43849ed808b7dfa32da4
SHA1: b2476afd9aafb136fb37b825ccb14a4a22b97eed
SHA256: a58159a6123fcedbc53b5a99f2a2cbf973e1d45f6f6c8f67e918bd62a1fccaa7
SHA512: bce7e4b35a45d8361ee1534aee45c9fbdc7f45ed00653e8490c9d6c148877321d6dcad5f7d36cd94c54b300c1e0387eac272bf08712325c3c784b3346e5e3106
SSDEEP: 96:QuYyQRcZHOfjMJIxwpLqDXeIerNqJ8+0kl6iY6bj9XCJ9ifinn:Qu9MYIxUPRqJ8+0EhYOUJ9i6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a8bb1744bedf43849ed808b7dfa32da4_JaffaCakes118
Files
a8bb1744bedf43849ed808b7dfa32da4_JaffaCakes118.exe windows:4 windows x86 arch:x86
181194f2409af7c5629f6959cddb65a3
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
RegOpenKeyExA
RegSetValueExA
RegCloseKey
kernel32
CloseHandle
CopyFileA
CreateThread
DeleteFileA
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
Sleep
WinExec
lstrcatA
lstrcmpiA
lstrcpynA
lstrlenA
wsock32
htons
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
WSACleanup
inet_addr
inet_ntoa
listen
ntohs
recv
send
socket
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 774B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 574B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE