ade27204f80b3c5124825ac9de1ef6e1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ade27204f80b3c5124825ac9de1ef6e1_JaffaCakes118
Size

96KB
MD5

ade27204f80b3c5124825ac9de1ef6e1
SHA1

fdfb5a874e9b7e66ecd359e6d11265b151884d56
SHA256

bd29e5e34028cb45dbed746223aedb0a39271596d9bc4c5ea07af46039297a8a
SHA512

4b4a322daa51d685aef93ffd685cfdde7243f204fbde736074dd9454ab3050234679339639e8e1f719d1fa3490d31595731d155d3c418ca6541e42dd71d098d8
SSDEEP

1536:JlCVZbpDTU67OCYgY3HOqOEa0C7J/zsljEtae2oH9AH9wW8bmmG+kva:aVZbp0mY+fs5EMe2oH9g9wDL2va

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ade27204f80b3c5124825ac9de1ef6e1_JaffaCakes118

Files

ade27204f80b3c5124825ac9de1ef6e1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b08aac0714b7a19f40739f2b7f3c513

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket
shutdown
connect
bind
socket
htons
gethostbyname
WSAStartup
WSACleanup

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

kernel32

GetStartupInfoA
CloseHandle
ExpandEnvironmentStringsA
FindResourceA
SizeofResource
LoadResource
GetModuleFileNameA
DeleteFileA
CreateFileA
WinExec
GetCurrentProcess
GetProcAddress
GetModuleHandleA
GetTickCount
WriteFile
LockResource

user32

CharToOemA

msvcrt

_XcptFilter
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
sprintf
rand
memset
strcat
_exit
__getmainargs
exit
_acmdln

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ