cf6056c4777def311d2a959d63bf60df_JaffaCakes118 | Triage

Sharing

General

Target

cf6056c4777def311d2a959d63bf60df_JaffaCakes118
Size

75KB
MD5

cf6056c4777def311d2a959d63bf60df
SHA1

42b0ac2795f74a15d12fa2c7bcb478b070b7b90d
SHA256

cfbc00ef088e25c3b77e9117ab7037bf5c9cde90a18b27bd6d43d059f18cd1ba
SHA512

8bdaea1785491dc947945ff7301c15575b0627fc1b190d618638d7eb581d7e2d2326a6938107fd6eade908b70b444f5c8beb61460d0036cda513930b79beda80
SSDEEP

1536:KumYNgujqD6dbOpK7JK0VoiW77RfURTRfzBOfIPtICkXFgBvU:fmYNgipNOpK7JhSVImgP3kVgB8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf6056c4777def311d2a959d63bf60df_JaffaCakes118

Files

cf6056c4777def311d2a959d63bf60df_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1d440f984ef5d6bc4c1b3a1967bbdea2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

ExitWindowsEx

gdi32

GetDeviceCaps

advapi32

LookupPrivilegeValueA

psapi

EnumProcessModules

ws2_32

getpeername

netapi32

NetApiBufferFree

wininet

InternetCloseHandle

iphlpapi

SetTcpEntry

Exports

Exports

InitSocket
startup

Sections

.text
Size: 69KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE