Static task: static1
Behavioral task: behavioral1
Sample: da60cd17abb990748776caac141ba558_JaffaCakes118.dll
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: da60cd17abb990748776caac141ba558_JaffaCakes118.dll
Resource: win10v2004-20240802-en
General
Target: da60cd17abb990748776caac141ba558_JaffaCakes118
Size: 6KB
MD5: da60cd17abb990748776caac141ba558
SHA1: 27cd22742aa04073e19767426d4d5ac0e67db4d8
SHA256: 0c22ee12eb1093bf70db5aba6f665dc1472ce1b1dacf9b048d01f3ad35c682cd
SHA512: 99fcc2a20f6742c54b92d9ffc657ea12b6748825b25822a82bacff5c7c6020c2ad8209eedb486edc92409749cd660e2f478c1ee5d95b9895f71cad46751c585b
SSDEEP: 96:QgmMiNHeuTwqKFSaVMBq+sZsQHwnUZoDMCGbL8HxjM3mz6SGiuVbgmMiZHI9L:HDzZ7FQUfCGbAVM3Y6SQyiyd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource da60cd17abb990748776caac141ba558_JaffaCakes118
Files
da60cd17abb990748776caac141ba558_JaffaCakes118.dll windows:4 windows x86 arch:x86
6cab84d514bb65264574ada191db9e03
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
ord389
ord540
ord1228
ord3229
ord5204
ord5808
ord800
ord1168
ord690
ord1182
ord823
ord342
ord1253
msvcrt
??1type_info@@UAE@XZ
??3@YAXPAX@Z
strcmp
strncmp
atoi
__CxxFrameHandler
strstr
memcpy
memset
strlen
strcat
fopen
fread
fclose
printf
_EH_prolog
_strnicmp
kernel32
ReleaseMutex
WaitForSingleObject
CreateMutexA
Sleep
GetSystemDirectoryA
CloseHandle
GetExitCodeThread
CreateProcessA
CreatePipe
ReadFile
PeekNamedPipe
WriteFile
TerminateProcess
CreateThread
advapi32
RegDeleteKeyA
ws2_32
htons
inet_addr
closesocket
recv
setsockopt
getsockopt
send
connect
socket
WSAStartup
Sections
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 394B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ