b29def18770b973d7826e2dda786c73c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b29def18770b973d7826e2dda786c73c_JaffaCakes118
Size

26KB
MD5

b29def18770b973d7826e2dda786c73c
SHA1

37a87271af86b5bd16a836608dfbf129557b2080
SHA256

c4a21d2c69aeff1903ea556719139acc270a34c8449b67d5b32bd183b002b182
SHA512

f1a0c47957720c9393deae8cc5c79cd44da8d1f45f1fa83f102c41f0912b3496191cad4217dad121e1b785c55079e82e0c4319ac1fdeb63d29cd02d36cb4adca
SSDEEP

384:FdM1HGGhHJQYAozQYOaTLEU56ZRhrI/uXffoPf8x:FdwHGGhpko8YOCLErrfAPf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b29def18770b973d7826e2dda786c73c_JaffaCakes118

Files

b29def18770b973d7826e2dda786c73c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

870f99ae66741aa7f04db48c974e8d2c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

printf

ws2_32

htons
gethostbyname
setsockopt
WSACleanup
inet_addr
accept
listen
bind
WSAStartup
socket
connect
closesocket
select
__WSAFDIsSet
recv
send

avicap32

capCreateCaptureWindowA

kernel32

GetTickCount
CreateThread
WinExec
lstrcmpA
GetCurrentDirectoryA
CreateDirectoryA
RemoveDirectoryA
CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GlobalFree
Sleep
lstrcpyA
lstrlenA
GetLogicalDriveStringsA
FindNextFileA
FindFirstFileA
SetCurrentDirectoryA
DeleteFileA
SetFileAttributesA
CopyFileA

user32

RegisterClassA
CreateWindowExA
DefWindowProcA
PostQuitMessage
DestroyWindow
SendMessageA
IsWindow

gdi32

GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDCA
SelectObject
BitBlt
GetDIBColorTable
DeleteObject
CreateDIBSection

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ