4c008b175bdb22c0fbd1cc8146b065fe_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c008b175bdb22c0fbd1cc8146b065fe_JaffaCakes118
Size

4KB
MD5

4c008b175bdb22c0fbd1cc8146b065fe
SHA1

3f53957e33f9e513145a3ed1aa39011a967cb408
SHA256

30f74a28093e32ef7130319d4c1be9ce5fe1d7883fc5ffdf8269bf09163eca07
SHA512

05912f697d4ab5f56c53bba3cdb8bfc1f04239a12ac48dedc2074b81423915bb0bf61e04e218ca4bf5750e44537e7523999e738f198826a0fd4231233a6fe8f8
SSDEEP

96:11fS6G7H5QXf2G3yX7ehg0Vx2rLqwRP4xs4kbwW3OtvXKi1S:TS6eW367yjEZKBk73uPKf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/reachmailpwd.exe

Files

4c008b175bdb22c0fbd1cc8146b065fe_JaffaCakes118
.zip
reachmailpwd.c
reachmailpwd.exe
.exe windows:4 windows x86 arch:x86

741c1111940755d6f45262bf0a9cd9ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

ExitProcess
GetModuleHandleA
GetProcAddress
SetUnhandledExceptionFilter

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
exit
fclose
fgetc
fgets
fopen
fwrite
perror
printf
puts
setbuf
signal
strchr
toupper

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 96B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE