0270102b2b91d83927d41766d8538b65_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0270102b2b91d83927d41766d8538b65_JaffaCakes118
Size

17KB
MD5

0270102b2b91d83927d41766d8538b65
SHA1

a7f84f000c5f7b1f910ab98e5b02ed81da7da4c2
SHA256

bb32eaae70f6c94635bdb78755995201fbdd8ca40445089f6f61056a91ff2401
SHA512

a3fdd88d5a637ba49a62b6ded543bd9f95fc2675c34a362fad14cbf9f81c168d27011ae10ed295d660d2153482482ee9926e803b79d91e267be4322ff8b5c785
SSDEEP

384:q9taGctRf6z9cN4xKOLOr1tStxeigOlwQR8eWIdlgKZTUy9:qClNXOLOr1f5OSeW4/ZQy9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/haloproxy.exe

Files

0270102b2b91d83927d41766d8538b65_JaffaCakes118
.zip
halo_pck_algo.h
haloproxy.c
haloproxy.exe
.exe windows:4 windows x86 arch:x86

67f1923d16e393a60896001e6d9ea4e2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetTickCount
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
malloc
memset
printf
puts
setbuf
signal
strerror
tolower

ws2_32

WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
gethostbyname
htons
inet_addr
inet_ntoa
ntohs
recvfrom
select
sendto
setsockopt
socket

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 192B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rwbits.h
show_dump.h
winerr.h