44739e5833c7fa5cf0beae5698fdc03e_JaffaCakes118 | Triage

Sharing

General

Target

44739e5833c7fa5cf0beae5698fdc03e_JaffaCakes118
Size

13KB
MD5

44739e5833c7fa5cf0beae5698fdc03e
SHA1

acf4c625bbe087ac5829c36d484b4a51b5482b01
SHA256

b6c06f7b116180c9d4890ea16c99fa0bab6f0d438c95bbc38d80e522c6d0240b
SHA512

406fa91dc3875346d186229c226c65e782c1f811af416b6ac1cb5c4bf8e7185465d64c31f4b3b5f2c40ed7ed5749d285b3bb796ba98ab3bc9290bc647a8824d7
SSDEEP

384:4LaT5qvzYwsnL6Jv5DgebLvJjlHJem8gBeH4t1i:4OT555GB5DpbFjlHJzBttg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/gshinfo.exe

Files

44739e5833c7fa5cf0beae5698fdc03e_JaffaCakes118
.zip
gshinfo.c
gshinfo.exe
.exe windows:4 windows x86 arch:x86

2504154f847db7e9041ef759cecb65ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_iob
_onexit
_setmode
atexit
atoi
exit
fprintf
fwrite
malloc
memcpy
printf
rand
setbuf
signal
sprintf
srand
strcpy
strerror
strlen
time

ws2_32

WSAGetLastError
WSAStartup
closesocket
gethostbyname
htons
inet_addr
inet_ntoa
recvfrom
select
sendto
socket

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 128B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
md5.c
md5.h
winerr.h