af0e79338cbeb1d3cbf203a0a3d6c61e_JaffaCakes118 | Triage

Sharing

General

Target

af0e79338cbeb1d3cbf203a0a3d6c61e_JaffaCakes118
Size

443KB
MD5

af0e79338cbeb1d3cbf203a0a3d6c61e
SHA1

b313c9f12281add0ad248458a28856bdb8375159
SHA256

f03f67c9f2154b72b0f735781ac55f6fd67faf7d55ba88acb0acda3578c3e75d
SHA512

d7223ec90f42cd765c4affb719d35d27c7cf6bb1e43b15876af968a112b7e8dc95799ccdfae831700c23e66801b6d5c09a40c6e980bfa14ac95e6c194dc98819
SSDEEP

12288:+Y3lOMG7fxKY5BdvnQx7nR9LEgJAqEz5BW:+rMskY5PvunR9LEs/E1BW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af0e79338cbeb1d3cbf203a0a3d6c61e_JaffaCakes118

Files

af0e79338cbeb1d3cbf203a0a3d6c61e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b850e8e6be7639d40dcd5c2cd0fd9a14

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2help

WahCloseSocketHandle

wininet

InternetCrackUrlW

ntdll

NtAllocateVirtualMemory

kernel32

GetLastError
FreeLibrary
DisableThreadLibraryCalls
GetProcAddress
RaiseException
InterlockedExchange
Beep
GetSystemTimeAsFileTime

msvcrt

malloc
_initterm
_adjust_fdiv
free

advapi32

QueryServiceStatus
RegSetValueExW

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 920KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE