cf95a75c5eb60f67b580f4a0d92e3b0a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cf95a75c5eb60f67b580f4a0d92e3b0a_JaffaCakes118
Size

6KB
MD5

cf95a75c5eb60f67b580f4a0d92e3b0a
SHA1

64991113d4a9d93178f44cd46a78ba6be1114741
SHA256

9c296892f0d1421ebda17ac2beb6400cbabc3927b4a8892f2a218270a69d41bc
SHA512

1f04bb1342bd3ccd10c277ff029554f806f607840908930c05bc9ab974483c557b09492ff3ce594e0f98c9eba98991bd166c1e1f9e724e31ff09d64d3cd97671
SSDEEP

96:lM/3GWbR1BUSisnEdpzN6uSnTX+/9hSF7T9gG/Emb/k+VbRktOBeh:lM/fb5US92kuSi/Wp+GC+VbRkQAh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/haegfp.exe

Files

cf95a75c5eb60f67b580f4a0d92e3b0a_JaffaCakes118
.zip
haegfp.c
haegfp.exe
.exe windows:4 windows x86 arch:x86

210910ff56d0d555ae079e98e991edf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fputc
fwrite
malloc
printf
rand
setbuf
signal
srand
strerror
time
tolower

ws2_32

WSAGetLastError
WSAStartup
bind
closesocket
gethostbyname
htons
inet_addr
recvfrom
select
sendto
socket

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 144B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h