3d381dd56d5d434ddf16f8d1a3c77df0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d381dd56d5d434ddf16f8d1a3c77df0_JaffaCakes118
Size

5KB
MD5

3d381dd56d5d434ddf16f8d1a3c77df0
SHA1

5e6b1369b0397292ea6e66b57fc0c6c9ed8ca1e6
SHA256

11d50ee1d428bacad2d6007027d696b3db728949e73c7923f727330631a63b51
SHA512

ad87234ba739a616994a6e6c61c95afea839c7ed79359dfb42ec9f4187e54f93509d40797fc9e00fa70637c1f488a8230c992ae627f3a6811476799f457919b5
SSDEEP

96:Z1ImdELHJK/IFogL7jIt/P2LDbs0TZJ01l4OHVUCqgvDG0upvENP:kQELHJK/IFDG/ubTw1/p/uuR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d381dd56d5d434ddf16f8d1a3c77df0_JaffaCakes118

Files

3d381dd56d5d434ddf16f8d1a3c77df0_JaffaCakes118
.exe windows:1 windows x86 arch:x86

f7a6ff0e72fe166d210822c7e450c38e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
CreateThread
ExitProcess
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetThreadContext
GetTickCount
GetVersion
LoadLibraryA
ResumeThread
RtlZeroMemory
SetThreadContext
Sleep
VirtualAlloc
WriteProcessMemory
lstrcatA
lstrlenA

user32

MessageBoxA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

ws2_32

WSACleanup
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockname
listen
ntohl
ntohs
recv
select
send
shutdown
socket

Sections

.int3r
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE