f5de2699e65c7d9db94c4d08dbbe64a8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f5de2699e65c7d9db94c4d08dbbe64a8_JaffaCakes118
Size

8KB
MD5

f5de2699e65c7d9db94c4d08dbbe64a8
SHA1

931a6e7b745604a081d98053d0bf12beb5fe2352
SHA256

61d8e3b9058fc9631bcbe0387ba5712562f53bf363b611a8b4c6224c41000eab
SHA512

9e6a1e46e233a20b8fb2faca3f3c58e6930ec6a1a727f41df80e5c03a1680caa05ce09f97ee21f750c38adb2abd64ed46bb449e7ea54812e51513eb063d5d12f
SSDEEP

192:YEDt4i5gIqvXDRrhXoFzkN6pNO5dsSDNfz3z03vuI2//XRkQAcX:3LgIqvDfh6O5Ln03Bk1JX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sof2boom.exe

Files

f5de2699e65c7d9db94c4d08dbbe64a8_JaffaCakes118
.zip
sof2boom.c
sof2boom.exe
.exe windows:4 windows x86 arch:x86

9e5969774f0e66fb843b2900d9a6873e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
memset
printf
puts
setbuf
signal
sprintf
strchr
strerror
tolower

ws2_32

WSAGetLastError
WSAStartup
bind
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recvfrom
select
sendto
setsockopt
socket

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
winerr.h