aaeca5bfc80644b976db9e391476d425_JaffaCakes118 | Triage

Sharing

General

Target

aaeca5bfc80644b976db9e391476d425_JaffaCakes118
Size

14KB
MD5

aaeca5bfc80644b976db9e391476d425
SHA1

477faaca874bf8c69c6e836ed3f1b1b82415afa9
SHA256

f550bd0a8936707dd34104aeed21e658ee1973f0eeaff5b2e04111847ae24798
SHA512

f5f72f7cafaea00132a187193615600af92b827bee43ec9d32fe209605c1d288b4e9ba643f85175023bb0f46198a2f275583a6fb4955bce5300b30a6aacc0c50
SSDEEP

192:y1Hyo2RiWdszV3J/8/kjk8Vg+y4Qt7RWR4yWQErtfM:qJ2RicacTqxy4SWayWtU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaeca5bfc80644b976db9e391476d425_JaffaCakes118

Files

aaeca5bfc80644b976db9e391476d425_JaffaCakes118
.dll windows:4 windows x86 arch:x86

0036783b5bdde8020f94b35873f4fe29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
Sleep
CloseHandle
CreateProcessA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
CreatePipe
WriteFile
ReadFile
PeekNamedPipe

msvcrt

fread
_close
_filelength
_open
fclose
fwrite
fopen
strncmp
atoi
free
_initterm
malloc
_adjust_fdiv
_strlwr

ws2_32

closesocket
connect
inet_addr
htons
setsockopt
socket
WSAStartup
inet_ntoa
gethostbyname
gethostname
send
recv

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rad
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 558B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ