eefe472aa02a7edd31add265d75f800f_JaffaCakes118 | Triage

Sharing

General

Target

eefe472aa02a7edd31add265d75f800f_JaffaCakes118
Size

6KB
MD5

eefe472aa02a7edd31add265d75f800f
SHA1

324879fd91bc56845b4c1e3a39c4926e4f5ab5cb
SHA256

92305504bb1be7e77548ffa01f6367d1a979a963f704aa9a53c255ca455eaff0
SHA512

c0d5e7733dad7c24073d913b3499402b1a5be4a26b66ee6ab53ff2d57326a1665dca5d81ff27331a25a0fdbfbc72b83941a27f7fcdff7a94fa2518df7dd7eceb
SSDEEP

96:y2x9TIVxiMgt3TEPs4Q4km0CmlyH6RlVtCZS6l99t/dyJr:XvygMgtes4lkm5SyH8H92/t/er

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eefe472aa02a7edd31add265d75f800f_JaffaCakes118

Files

eefe472aa02a7edd31add265d75f800f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dee313c6c47619ac6e23f6e4648d824f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Documents and Settings\pinische\Мои документы\projects\adware\release\socks5server.pdb

Imports

kernel32

GetSystemTime
CreateThread
GlobalFree
GlobalAlloc
InterlockedIncrement
SystemTimeToFileTime
ExitProcess
Sleep
InterlockedDecrement
lstrcmpA

ws2_32

send
socket
bind
gethostbyname
recv
WSACleanup
WSAStartup
connect
WSACreateEvent
htons
listen
closesocket
shutdown
accept

iphlpapi

NotifyAddrChange

wininet

InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
HttpSendRequestA

urlmon

ObtainUserAgentString

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE