fcfb5bd4bfcccdf0c3c3b9bb2a4f3a94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fcfb5bd4bfcccdf0c3c3b9bb2a4f3a94_JaffaCakes118
Size

78KB
MD5

fcfb5bd4bfcccdf0c3c3b9bb2a4f3a94
SHA1

a66da72a931714b4e2fd6676ed7fc287bb104d94
SHA256

d06280d5044542c587c866c3f69162af4b8f1d8c420b44f93b477b23fab371e9
SHA512

cdc84ac05bef688fe1698e273499c194d8e9df2897ffc3f2a7e2da34162b2ba6ca8407c4dab3f3eb5c1df0da48d4bebf1b2c9528686040d7f7162e238b805c1f
SSDEEP

1536:yRZZMpWm7VyhLYTj7wLK9tKNjfG9OUwzqNKkJyyc+WBSaoYAHdRpMfX2Ru:yRZK8m7VyhLYTYLK9tEbHUnsY5WQ2ATK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcfb5bd4bfcccdf0c3c3b9bb2a4f3a94_JaffaCakes118

Files

fcfb5bd4bfcccdf0c3c3b9bb2a4f3a94_JaffaCakes118
.exe windows:4 windows x86 arch:x86

799e260a62475623ddf80b12faa9e043

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcmpA
GetModuleFileNameA
SetPriorityClass
GetCurrentProcess
WriteFile
CreateFileA
lstrlenA
CreateThread
GetSystemDirectoryA
CopyFileA
GetSystemTime
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetVersion
LockResource
CreateProcessA
FindResourceA
CloseHandle
LoadResource
GetVersionExA
ExitProcess
TerminateProcess

user32

wsprintfA

advapi32

RegFlushKey
RegCreateKeyExA
RegSetValueExA
RegCreateKeyA
RegCloseKey

ws2_32

bind
connect
htons
inet_addr
gethostbyname
socket
accept
recv
listen
send
htonl
WSAGetLastError
__WSAFDIsSet
ioctlsocket
select
WSAStartup
closesocket
inet_ntoa

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE