1671c3d683660b9a57bcc1e016471829_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1671c3d683660b9a57bcc1e016471829_JaffaCakes118
Size

19KB
MD5

1671c3d683660b9a57bcc1e016471829
SHA1

f38d599a3d52ed0113619afd9636ce68ccbac282
SHA256

6e37f120c940241e2869eb12cbd1b20c22c731ccbee6f2b3bbb8cad81e77d35d
SHA512

d71196f6ccc54cfefb7473d3f40be1aa6b44f9386a6f0d2764d4e3603c76bfd17e4633b6afb875e7ffc1b9fab9a526c553b63d5dbe1fc02212f09e9cfde86fd7
SSDEEP

384:d3WE9BBmoCE8lYz57nEiUzYSvC6N6MRKZZ:ZWmsXYztVUzYSvC60MCZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1671c3d683660b9a57bcc1e016471829_JaffaCakes118

Files

1671c3d683660b9a57bcc1e016471829_JaffaCakes118
.exe windows:1 windows x86 arch:x86

1b51dbe324150688ce5e3a0742d34a26

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

accept
htonl
SetServiceA
gethostbyaddr
listen
closesocket
bind
htons
sethostname

urlmon

ZonesReInit
DllCanUnloadNow
IsAsyncMoniker
IsValidURL
URLDownloadW
Extract
CreateAsyncBindCtx

Sections

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE