c01bdf179462948d2dca3f64be55b5c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c01bdf179462948d2dca3f64be55b5c9_JaffaCakes118
Size

13KB
MD5

c01bdf179462948d2dca3f64be55b5c9
SHA1

e9ede333cd36ae5b70dd9a7569f8a68b4a46a7a8
SHA256

21c5f739fae3597d0bbc15d146efca67e7a93e7fa3af45e125acbf8c57dad08a
SHA512

d0ed1806ebf6c54ac5b32e93cf04a3126fc1582bc4eb1b9ce9bd33f68f27527d3323d279ee9b449f51c505f297d27d4254c09378b2c1cf3ce64aca56d5bc2597
SSDEEP

384:NmsK6lLFcRrSWMEWAkcJCJe/ZMXaRReA5aSyb8p:zKsLwrbOcJC4/ZMq3eAw4p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/netrekfs.exe

Files

c01bdf179462948d2dca3f64be55b5c9_JaffaCakes118
.zip
netrekfs.c
netrekfs.exe
.exe windows:4 windows x86 arch:x86

cf723a1c9b446700d5e46480123e0c4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

CreateThread
ExitProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
printf
puts
setbuf
signal
strerror
tolower

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recv
send
socket

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
packets.h
winerr.h