Static task: static1
Behavioral task: behavioral1
Sample: d1dbd10317faca66953da51d34c251be_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: d1dbd10317faca66953da51d34c251be_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d1dbd10317faca66953da51d34c251be_JaffaCakes118
Size: 15KB
MD5: d1dbd10317faca66953da51d34c251be
SHA1: 8e64c93cd94778a7d4bdee8a11bfa4284e63ba5c
SHA256: c6c6be50e8a5e65809848e8f1a16ffc2d3535e2c099d9da9a06fba6516e509be
SHA512: 7faf8482e770724cae9c83a6e3c8d6e3671b8c90c23c03999e19f8361d618c8afd097453f6db9af232f428bfe306e1ea5994febf7b1ebcc2c2b9c0cb7b0eeceb
SSDEEP: 384:LeIHxlw0uC2PGvgLtVFeslrkRiypghM6raeqw:LeV8vutVFe0rki0gh9X
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
Resource: d1dbd10317faca66953da51d34c251be_JaffaCakes118
Files
d1dbd10317faca66953da51d34c251be_JaffaCakes118.exe windows:4 windows x86 arch:x86
b074dfaed6d6f558827e3383523ff8a5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
WriteFile
CloseHandle
CreateProcessA
CreateFileA
LoadResource
FindResourceA
CopyFileA
LockResource
lstrcmpA
CreateThread
GlobalMemoryStatus
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
GetModuleFileNameA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetVersionExA
Sleep
lstrlenA
GetCurrentProcess
TerminateProcess
ExitProcess
user32
wsprintfA
advapi32
RegCloseKey
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegCreateKeyA
ws2_32
htons
inet_addr
gethostbyname
socket
inet_ntoa
connect
bind
closesocket
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
recv
accept
listen
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ