b5ecb31da0158cfb6300c664cecf3972_JaffaCakes118 | Triage

Sharing

General

Target

b5ecb31da0158cfb6300c664cecf3972_JaffaCakes118
Size

6KB
MD5

b5ecb31da0158cfb6300c664cecf3972
SHA1

b675ae2ef813ff73ea4e3f70a524ed1dbd20b3b1
SHA256

0f5cd8fd3c580ff3ff7f0749be3b1b11d911c3931a2b05779158e48a95157c0a
SHA512

386fc1716bdc51f6ffe80a0a31c98db77ed09ca795893c3310995841a686bc75bc6d8abcb39574325eb1dab0abf0f710be93ecf733b76066d228c9c341dbc64a
SSDEEP

192:3gtKrnIranD205ENUYB0BZJ3tXjTBz/UE:3FnI+i0bYB6jpjT5/UE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5ecb31da0158cfb6300c664cecf3972_JaffaCakes118

Files

b5ecb31da0158cfb6300c664cecf3972_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28c719cab5f3721430fe5575677b2b72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
Sleep
InterlockedExchange
ExitThread
GetModuleFileNameA
CreateThread
DeleteCriticalSection
WaitForMultipleObjects
InitializeCriticalSection
WinExec
CopyFileA
GetWindowsDirectoryA
CreateFileA
WriteFile
CloseHandle
WaitForSingleObject
ExitProcess

user32

wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA

shell32

ShellExecuteA

msvcrt

exit
fopen
fseek
printf
sprintf
strncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
fwrite
fclose
fread

ws2_32

getsockname
send
recv
__WSAFDIsSet
select
connect
closesocket
socket
sendto
recvfrom
ntohl
bind
accept
listen
WSAStartup
inet_ntoa
inet_addr
gethostname
gethostbyname
htons

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileA

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE