045d21a0ee4ae83c1b0827d8e3109323_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

045d21a0ee4ae83c1b0827d8e3109323_JaffaCakes118
Size

11KB
MD5

045d21a0ee4ae83c1b0827d8e3109323
SHA1

9aa688bdb1432a5e8d2432731763b1e7177dae1d
SHA256

a4e1bfb47e8f9617492fe733179d5c05f77301d5072f30a655027a451e96ab11
SHA512

6b87f9f1c3c9cfea68d86c2518fa9d5f1c804a87fd384534ef0bcbe46c63a7f11adc3c4745154460095c453c7406b8701e7b50c93437d1a7ea6b11852990b540
SSDEEP

192:POnaz+SHCOgsRO5lfsrVFDtsZP4oynghMxPxvDz/cNp/RLK:QkOrsrVNtsl4OhMxPxvD4PZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
045d21a0ee4ae83c1b0827d8e3109323_JaffaCakes118

Files

045d21a0ee4ae83c1b0827d8e3109323_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d07d6e883b9c37ea7af379cce9f5c321

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
LocalFree
LocalAlloc
ExitProcess
SetFileShortNameW
MoveFileA
MoveFileExW
GetVersion
GetCommandLineW
GetModuleHandleA

ws2_32

WSAStartup
socket
send
gethostbyname
gethostname
getpeername
sendto
setsockopt
shutdown
htons
getsockname
ioctlsocket
listen
ntohl
inet_ntoa
inet_addr
select
recv
WSACleanup

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
fopen
fseek
fputs
fwrite
atoi
printf
fclose

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ