fdd1276767b240783b50fa34dbdc2544_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdd1276767b240783b50fa34dbdc2544_JaffaCakes118
Size

5KB
MD5

fdd1276767b240783b50fa34dbdc2544
SHA1

f2491619e795a433a741b14a580e69b5a5188dd4
SHA256

138fd40e2de6eb84ad1259c781269ae1077d0bedea7a2ecaa48a56bea5fe28a1
SHA512

7bf523274311e1e85da4ac710584694bbe8ef950ae3fd1f09b83c78a4c36c651e26ebab369d2f045af116255d77ccb4adeb6886cf3248b22f4420867ca8510a3
SSDEEP

96:eoQKAxLoZbXA49V0WfZfXiRe6hHcfIkHimt1WZadsfvO8laZB2VfIFXXJLMUGhH+:bQKucbw00WfNXsBhHo4mmZnf283V6xM6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/zoidboom2.exe

Files

fdd1276767b240783b50fa34dbdc2544_JaffaCakes118
.zip
winerr.h
zoidboom2.c
zoidboom2.exe
.exe windows:4 windows x86 arch:x86

07112cfd5d90754e6bb1f9d5997841d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter
Sleep

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
printf
puts
setbuf
signal
strerror
tolower

ws2_32

WSAGetLastError
WSAStartup
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
sendto
socket

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 112B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE