2d26a598622bd563f0cd117a051092aa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2d26a598622bd563f0cd117a051092aa_JaffaCakes118
Size

12KB
MD5

2d26a598622bd563f0cd117a051092aa
SHA1

037f0d760b0e5563a9dde4dca768c05e3927002b
SHA256

e4b7524ab5f4968e01c688b0ac225d67f23a4d9c29e9aa608fc765c6c6b935c0
SHA512

16ccecb1932659167e1cea704485df3451a5846b9a1f5e9b3c356e647330bf94be5aa1434cc3a63fa43997e79d02e275e2a84a549fab90b6ff1b0ae5a1ac59a6
SSDEEP

192:bQIMht68Uylub4bq3N01R8o8s4WaEWM5rgCHyJCcx6Lr9iyJOEzM1hp5OrbER:MzHdluc+e75l7N59HNcxq/oMb+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d26a598622bd563f0cd117a051092aa_JaffaCakes118

Files

2d26a598622bd563f0cd117a051092aa_JaffaCakes118
.exe windows:1 windows x86 arch:x86

b8f8c103fb587f1519c08e72201ce277

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
RtlUnwind
Sleep
WaitForSingleObject
CreateThread

crtdll

__GetMainArgs
_strcmpi
toupper
_write
atoi
exit
free
malloc
memcpy
memset
printf
raise
signal
sprintf
strchr
strcmp
strcpy
strlen
strncmp
strncpy
strstr

wsock32

WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htons
inet_ntoa
listen
recv
select
send
setsockopt
shutdown
socket

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 88B - Virtual size: 88B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rebld_i
Size: 759B - Virtual size: 759B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE