d17f4599db9d686409df27cd263c9739_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d17f4599db9d686409df27cd263c9739_JaffaCakes118
Size

11KB
MD5

d17f4599db9d686409df27cd263c9739
SHA1

024692b1528555dae6113af6d9208662cd316093
SHA256

2fe88b9503840b0d7649db83455b4036e484f07d28107016ab2c0822043ce6c8
SHA512

d53b480df98f39c08d25e6b4355eac324050406da07c7060fe91c92136dfea7726574e9d41b0fd9836f55222d74fb89f82e4a59723a8d8023da2a6d848ef812c
SSDEEP

192:FhJaHMj3xBOYBrNpBrBh0EiidTipWCNJbW:DhBTrfb6vKWWCNJbW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d17f4599db9d686409df27cd263c9739_JaffaCakes118

Files

d17f4599db9d686409df27cd263c9739_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8bba56c6932640ca99cf61c594c71ef7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
SizeofResource
SetFileAttributesA
RtlZeroMemory
MultiByteToWideChar
LoadResource
LoadLibraryA
GlobalUnlock
CloseHandle
GlobalLock
GlobalFree
GlobalAlloc
FreeLibrary
FindResourceA
ExitProcess
DeleteFileA
CreateProcessA
CreateFileA
WriteFile

user32

ReleaseDC
GetSystemMetrics
GetDC

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
SelectObject
GetDeviceCaps
GetDIBits
BitBlt

gdiplus

GdipGetImageEncodersSize
GdipGetImageEncoders
GdipDisposeImage
GdipSaveImageToFile
GdiplusShutdown
GdiplusStartup
GdipLoadImageFromFile

ws2_32

accept
WSAStartup
closesocket
htons
listen
socket
WSACleanup
bind

wininet

InternetGetConnectedState

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ