Static task: static1
Behavioral task: behavioral1
Sample: ae6cfb28a428ae2a6bce3fc47356e9d1_JaffaCakes118.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: ae6cfb28a428ae2a6bce3fc47356e9d1_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: ae6cfb28a428ae2a6bce3fc47356e9d1_JaffaCakes118
Size: 6KB
MD5: ae6cfb28a428ae2a6bce3fc47356e9d1
SHA1: 46c4bd461150ff5ae618278d6fee2dbcc61b9e36
SHA256: 6cc8f4cef9dc35a064ae576676606179b6973b540a0e33e62bd39f3710a1f698
SHA512: aa681528d02894f65e874c7b5136344a546cce30f044c1cd3b695700f4b5c04bfc4ce148d37b5d9cb107c98eefd1365a17fd9582be4b93003b782bd8d60d057c
SSDEEP: 96:nqJU8SDki87eHKT4cZdGdZENpaR6qaOzOXTH0xWibSib8trXsauE8KIrn:/JR8UKOdZENMILIUr0xsrX78X
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ae6cfb28a428ae2a6bce3fc47356e9d1_JaffaCakes118
Files
ae6cfb28a428ae2a6bce3fc47356e9d1_JaffaCakes118.dll windows:4 windows x86 arch:x86
5d1c97bad66fec87cb0d24263d0055b0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
WriteFile
CreateFileA
CreatePipe
CreateProcessA
CreateThread
CreateToolhelp32Snapshot
DeleteFileA
FindFirstFileA
FindNextFileA
GetDriveTypeA
GetExitCodeProcess
GetFileSize
GetLogicalDriveStringsA
GetStartupInfoA
OpenProcess
PeekNamedPipe
Process32First
Process32Next
ReadFile
RtlZeroMemory
Sleep
TerminateProcess
WinExec
CloseHandle
lstrcatA
lstrcmpiA
lstrcpynA
lstrlenA
user32
ExitWindowsEx
wsock32
WSAStartup
accept
bind
closesocket
gethostbyname
WSACleanup
gethostname
htons
inet_addr
inet_ntoa
listen
recv
send
socket
Sections
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1024B - Virtual size: 995B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 208B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ