40171212e0b2632b1dd731a4b320b625_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40171212e0b2632b1dd731a4b320b625_JaffaCakes118
Size

7KB
MD5

40171212e0b2632b1dd731a4b320b625
SHA1

5384f31d44ce4a606cffe36ec0206638a5bc90a1
SHA256

c50fbb67c1d7b1c5f51b7f32b0718f2980cda009bf778003df968f37155e1b96
SHA512

c686ff7da865586d964ad8c8aab20d8a06fc1b3d967d1248f49f2c42093d4ed8af2f65bb177bf7484375587473f8e8d1577f3c8d99e3f6d1e0f5c4a7b0782dd0
SSDEEP

96:2kWuF+4w7aA+I+UfdXP0tCf2DtmjlJCADcrhDJ6/tnFLkL9SnbIkyNmzQqcYa:y4bW2nYJCADcrp8/tnFLkYnDiq/a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40171212e0b2632b1dd731a4b320b625_JaffaCakes118

Files

40171212e0b2632b1dd731a4b320b625_JaffaCakes118
.exe windows:1 windows x86 arch:x86

e10461cf6c38331b111f0154fe703bb0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

DSA_GetItemPtr
ImageList_Draw
FreeMRUList
ImageList_SetDragCursorImage

kernel32

CreateMailslotW
EnumResourceTypesA
GetTimeFormatA
DisableThreadLibraryCalls

ntdll

LdrInitializeThunk
LdrAccessResource
NtAccessCheck
NtAddAtom

shell32

RealShellExecuteW
SHGetFolderPathW
SHGetUnreadMailCountW
SHFormatDrive

Sections

.text
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: 4B - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE