Static task
static1
Behavioral task
behavioral1
Sample
aaa6b3b2664119327dc243441f7f806c_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
aaa6b3b2664119327dc243441f7f806c_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
aaa6b3b2664119327dc243441f7f806c_JaffaCakes118
Size
6KB
MD5
aaa6b3b2664119327dc243441f7f806c
SHA1
79a4f80993b355518e4c5270493ed595ac249d03
SHA256
1613b72a9bc8cad0b092c4004f8018d72ddcc19d380d839e0d51ce8ed3b5eabb
SHA512
4c11a9413626b76c55a1a0d5e8b8b88a45c1914223df8d8a019ab75f21a94cde5d7c4339bdb678753af23439acae9b1c4a9b9a47e994b7a25743719bed6cb2fc
SSDEEP
96:ltimTaCMLu3TfV4t9i87f8SVC1bmvX2Dh7etZQkIR5Ls4d221vQj2LHHnQL/l:WLCkuLV9dykV6ZQ/5ws1vQWnQjl
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource aaa6b3b2664119327dc243441f7f806c_JaffaCakes118
Files
aaa6b3b2664119327dc243441f7f806c_JaffaCakes118.exe windows:4 windows x86 arch:x86
b545c193a517749df7b39d7dbf59a265
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSAStartup
recv
send
gethostbyname
socket
htons
connect
closesocket
getsockname
kernel32
GetProcessHeap
GetVersionExA
DeleteFileA
CloseHandle
WriteFile
CreateFileA
ExitProcess
GetModuleFileNameA
WinExec
GetSystemDirectoryA
Sleep
CreateThread
CreateMutexA
OpenMutexA
lstrlenA
WaitForSingleObject
CreateProcessA
HeapAlloc
user32
wsprintfA
advapi32
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
Sections
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 176B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ