a6772978bd8c6a248c12374f55b4cb99_JaffaCakes118 | Triage

Sharing

General

Target

a6772978bd8c6a248c12374f55b4cb99_JaffaCakes118
Size

10KB
MD5

a6772978bd8c6a248c12374f55b4cb99
SHA1

c0e690e7bd04ad8097bfe61b95d28b22148efc82
SHA256

ffc57d3050d1cf17bfa03985f7334b644d2a3f177f31c3a39d0546f5054c89a8
SHA512

d4caae3999e165f30b3021d6f74678c026f520f198e933c8b24579223c0d256ccfb403053b86db54ba5cffc497136f3712dc73ac25ab282adad0e520f26e6eaa
SSDEEP

192:Zrll0+JRDCGpcwdIbjHqS2vFKjOrUK+YUMVl0WBKs7S/QjQWt1:rDCO6nOcSbl0OaQjQWt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6772978bd8c6a248c12374f55b4cb99_JaffaCakes118

Files

a6772978bd8c6a248c12374f55b4cb99_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c8a8accb24f1f6df1d171ecc7fba3375

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
gethostbyname
inet_addr
socket
connect
send
select
closesocket
recv

dnsapi

DnsRecordListFree
DnsQuery_A

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

user32

wsprintfA

shlwapi

StrToIntA

kernel32

HeapAlloc
CreateThread
InterlockedIncrement
GetSystemDirectoryA
HeapFree
InterlockedDecrement
WriteFile
InitializeCriticalSection
GetProcessHeap
MapViewOfFile
WinExec
ExitProcess
VirtualAlloc
Sleep
LeaveCriticalSection
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
lstrcpynA
EnterCriticalSection
lstrlenA
lstrcpyA
GetLastError
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
UnmapViewOfFile
DeleteFileA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 678B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ