40ed7d8a4d69ce57525bf9f86c02fd6d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40ed7d8a4d69ce57525bf9f86c02fd6d_JaffaCakes118
Size

244KB
MD5

40ed7d8a4d69ce57525bf9f86c02fd6d
SHA1

21edcf9adb53914f46c8c8ea6fb7e77ca3994d9e
SHA256

36494b1d530c382a7851b273f21caf5c869dce1e8fdf6874f495c36c840ed822
SHA512

17f381eb8cdf313ef3fe7397b73c05f9b2ad57deb219eb0349483fa3fcfd6eae566137600801917602400777730f13d4ef7e43759c253450111bfff68d53b433
SSDEEP

3072:fFNQuk6k0F1xytONtvNksRITxW5rJHW6X+7xRcpsM6gO7XxU3BQu:fEZNtSdNksRIFWvH7sxR5M6gqhU3BX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ed7d8a4d69ce57525bf9f86c02fd6d_JaffaCakes118

Files

40ed7d8a4d69ce57525bf9f86c02fd6d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d0f994d7aba18941df94284cb2fc291

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessAffinityMask
CreateMailslotA
SetVolumeLabelW
lstrlenA
FreeConsole
LocalSize
GetCurrentProcessId
GlobalFindAtomA
GetVersionExA
LoadLibraryExW
GetNumberFormatW
CompareStringA
GetLocaleInfoA
GetExitCodeThread

user32

LoadImageW
CreateIconFromResource
SendMessageCallbackW
ChangeMenuW
DdeCreateDataHandle
CreateIconFromResourceEx

gdi32

ExtSelectClipRgn
InvertRgn
PolyBezier
Ellipse
GetEnhMetaFileBits
ExtFloodFill
ExtTextOutA
StartDocA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 866B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data0
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE