Static task
static1
Behavioral task
behavioral1
Sample
b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target
b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118
Size
12KB
MD5
b28cfc597b7c320a3eb01662d7dd46eb
SHA1
ef6df2398d186cda1aba67ccd04eeebfe323a998
SHA256
bd3445abd9a1573248929312c5907c74f62ca8857b97453f1d3cfcc5b1eb47ec
SHA512
dc578a4bbc3907182a0f0a2ed8df2c26e8b6b402e3e16a868025113465a0843a47b654c1c973e38531c5c4b8f993ca11562ac1d1dbe32993185f5e3d0eba1508
SSDEEP
192:4QtXNRdkVOvbCZLUkP/YJG0Om+kDUeQQd4OSqwEANYVe:/tXxfvbCZLUkP/gDlQQd4OFHV
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118
Files
b28cfc597b7c320a3eb01662d7dd46eb_JaffaCakes118.dll windows:4 windows x86 arch:x86
9bd0d406d9af3f63f2ad8a4111a17807
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
ws2_32
WSAStartup
inet_addr
ioctlsocket
gethostbyname
connect
select
htons
recv
socket
closesocket
send
shlwapi
StrToIntA
kernel32
GetTimeFormatA
Sleep
HeapReAlloc
CreateThread
CloseHandle
WinExec
DeleteCriticalSection
WaitForMultipleObjects
EnterCriticalSection
ExitThread
GetTimeZoneInformation
GetSystemDirectoryA
TerminateThread
LeaveCriticalSection
ExitProcess
CreateFileA
lstrlenA
HeapAlloc
HeapFree
InitializeCriticalSection
GetProcessHeap
GetDateFormatA
WriteFile
user32
wsprintfA
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 600B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ