030b8eeacdc4e79c130bb84d40fa4d10_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

030b8eeacdc4e79c130bb84d40fa4d10_JaffaCakes118
Size

14KB
MD5

030b8eeacdc4e79c130bb84d40fa4d10
SHA1

23b302d160bf6c1ff7a96f848f0a6076ae555c91
SHA256

12d4685fd8391509a3ee8987f980b89f0ea34e8057cf89e6b4ba18d0851e8504
SHA512

e5b50aee8abe227d8eca6bdccf4a538db559466deb9904c91af4a0e1d4fcaeb217660d7080ac8241920073abe7bb42d4cc69db7d6b92a8a19f087bc2315d76fd
SSDEEP

384:WFUstmGYtctP3TI84YX5nkdWJyyGSmK8wg7Q1XW:zUVuYfJyd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
030b8eeacdc4e79c130bb84d40fa4d10_JaffaCakes118

Files

030b8eeacdc4e79c130bb84d40fa4d10_JaffaCakes118
.exe windows:1 windows x86 arch:x86

c8f30ef6261b2f47f92babb1f362ab56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

user32

CreateWindowExA
DefWindowProcA
DestroyWindow
DispatchMessageA
EnumChildWindows
FindWindowA
GetMessageA
KillTimer
PostQuitMessage
RegisterClassA
RegisterClassExA
SendMessageA
SetTimer
ShowWindow
TranslateMessage

rasapi32

RasEnumEntriesA
RasGetEntryDialParamsA

wsock32

closesocket
send
recv
connect
ioctlsocket
htons
socket
inet_addr
gethostbyname
gethostname
WSACleanup
WSAStartup

kernel32

CloseHandle
CopyFileA
CreateFileA
CreateThread
ExitProcess
FreeLibrary
GetCommandLineA
GetComputerNameA
GetFileSize
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
ReadFile
SetFilePointer
WriteFile

Sections

AUTO
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 6KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 7KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE