a5fd004bc07618bf3f0ffda07df4782f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5fd004bc07618bf3f0ffda07df4782f_JaffaCakes118
Size

821KB
MD5

a5fd004bc07618bf3f0ffda07df4782f
SHA1

41831676e40e7d26d67c0905c2a4fe69f2129037
SHA256

049e18667c7d48fcfbc8a0daa669ced98bb5cf628047ca8c687ddc1a407d33db
SHA512

e2006945cd40e425ffde7e4d025475de591b0820da7fc841c75d3df2a68e843b1c2234252e50269517a3aaab7f5abceecdf3dcf0a91380c8e6118817f134a73c
SSDEEP

24576:bcLYuMZ2nV+qMDFi1SNCDJmkQ1MIZej3qpW/6:bcLFMZ2PcipJDQ1MIZeja86

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a5fd004bc07618bf3f0ffda07df4782f_JaffaCakes118

Files

a5fd004bc07618bf3f0ffda07df4782f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

00a18e02eb060188a42031561b728bfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
WSAResetEvent
WSAEnumNameSpaceProvidersA
select
getservbyname
WSAGetQOSByName
getprotobyname
WSAAsyncGetHostByName
WSASendDisconnect

kernel32

GetBinaryTypeA
FileTimeToLocalFileTime
SetConsoleMode
GlobalFindAtomA
ReadConsoleA
GetFileType
UnmapViewOfFile
GlobalReAlloc
GetTapeParameters
ExitProcess
FormatMessageW
WritePrivateProfileStringW
SetProcessShutdownParameters
SetCommTimeouts
LCMapStringA
ReadDirectoryChangesW
FindFirstFileA
VirtualQueryEx
TryEnterCriticalSection
SetTimeZoneInformation
QueryDosDeviceW
IsProcessorFeaturePresent

user32

GetDlgCtrlID
SubtractRect
DialogBoxParamW
GetProcessDefaultLayout
SetForegroundWindow

version

VerFindFileA

Sections

.text
Size: 1KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ