Static task: static1
Behavioral task: behavioral1
  Sample: bf568f84bd5eec793941d5b5f89a5139_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: bf568f84bd5eec793941d5b5f89a5139_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bf568f84bd5eec793941d5b5f89a5139_JaffaCakes118
Size: 11KB
MD5: bf568f84bd5eec793941d5b5f89a5139
SHA1: 8a7aa6537da842b3fc1c717a8c5e2f074f78ea21
SHA256: eb5f8483485a4f95c57077cf343d58ca7a297c245b6a3e65a43d55c8c3b4ae26
SHA512: 491431299affe0bf6db86d97b4eda27d20159b94525a38ab1c78373e9caac9e1ddb2e5e472b4e4653e0321576fc0287835e3a7f5d11a1ce3cfd971ed129a9fe7
SSDEEP: 192:4buLXEANMejn77VXBKt2Z1J/nUjWzQXhmmXRc9pOeafBEbf1oynMWyB9:jzvNMKPdBKt4DfaXhmmhmpOHJa1uWy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bf568f84bd5eec793941d5b5f89a5139_JaffaCakes118
Files
bf568f84bd5eec793941d5b5f89a5139_JaffaCakes118.exe windows:4 windows x86 arch:x86
2cb675e4394301681bd71645be4f5818
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord6383
ord5440
ord6394
ord5450
ord3663
ord940
ord823
ord860
ord537
ord926
ord939
ord941
ord825
ord1200
ord2915
ord2818
ord6648
ord6223
ord858
ord2614
ord800
ord540
msvcrt
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
memset
_mbscmp
__CxxFrameHandler
memcpy
__dllonexit
_onexit
_exit
_XcptFilter
__getmainargs
_acmdln
exit
kernel32
MapViewOfFile
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
CloseHandle
GetVersionExA
ExitProcess
GetLastError
CreateMutexA
Sleep
ReadProcessMemory
WriteProcessMemory
OpenProcess
UnmapViewOfFile
GetModuleFileNameA
GetSystemDirectoryA
GetStartupInfoA
GetModuleHandleA
user32
MessageBoxA
FindWindowA
GetWindowThreadProcessId
GetAsyncKeyState
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
advapi32
StartServiceCtrlDispatcherA
SetEntriesInAclA
GetSecurityInfo
StartServiceA
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
SetServiceStatus
RegisterServiceCtrlHandlerA
SetSecurityInfo
ws2_32
send
connect
htons
socket
gethostbyname
WSAStartup
closesocket
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ