10d562cf4c0b570cbc405ba711dd73f9_JaffaCakes118 | Triage

Sharing

General

Target

10d562cf4c0b570cbc405ba711dd73f9_JaffaCakes118
Size

39KB
MD5

10d562cf4c0b570cbc405ba711dd73f9
SHA1

09a818c7f4379222bc5260b7d6f65914c00a1c0d
SHA256

0e37c32fe6147b1892a968897ea929b116a174773b00d3f2572365e3079acca2
SHA512

8fb389d7a630977d48c2c0c86d9bc467a59117fe2390b39f0c7ad56d80f87fb074dd622677617104b8451895f13cf051c913a50089e8298d38ec82c9b5bbd0e2
SSDEEP

768:VIr7PS5s0CzOXk/6HnBq53YEtiZu/ODSupBGmQpw:VYcvCzOXnB5Etiw/ODSqBGnw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10d562cf4c0b570cbc405ba711dd73f9_JaffaCakes118

Files

10d562cf4c0b570cbc405ba711dd73f9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

fbb66d787f04ffe185c1465fad6513b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

accept
htonl
SetServiceA
gethostbyaddr
listen
accept
bind
htons
sethostname

urlmon

ZonesReInit
DllCanUnloadNow
IsAsyncMoniker
IsValidURL
URLDownloadW
Extract
CreateAsyncBindCtx

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE