40611961d2d417dedce521cc3cf72d07_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

40611961d2d417dedce521cc3cf72d07_JaffaCakes118
Size

312KB
MD5

40611961d2d417dedce521cc3cf72d07
SHA1

4956431bd613ab4907acc1a5a82c8ff7eb152d16
SHA256

dbf8a8ca1dec6adc60a747166e6b4c0b1898fad2b6963064fb26b06da85a881e
SHA512

85aeed8c21ad0bc6b21eb237d3244b118b05aec48814f5eb3b27ee83e816b58b69ba900bba755fd853b6cad31983a9139b76a9d881aa40cac16efc5064a0bd9d
SSDEEP

6144:Wbn8YMs5a8nqK7eEvRoOY5Oka6Q2iH0699R2rF531xjk:cn8FK7eEvyOY8kb/c4p91K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40611961d2d417dedce521cc3cf72d07_JaffaCakes118

Files

40611961d2d417dedce521cc3cf72d07_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6818bf577f140ed91b6f4ca0e3f0d85b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
TlsGetValue
GetOEMCP
CompareStringA
CreateMutexA
TlsFree
GetPriorityClass
SetEvent
GetConsoleCP
CreatePipe
IsDBCSLeadByte
CreateThread
GetStdHandle
VirtualAlloc
ReleaseMutex
GetUserDefaultLangID
GetShortPathNameA
GlobalFindAtomA
GetExitCodeThread
GetModuleHandleA
GetThreadLocale

user32

GetWindow
GetSystemMetrics
GetForegroundWindow
ValidateRect
GetActiveWindow
GetDC
GetWindowTextA
GetClassInfoExA
RegisterClassA
IsIconic
ShowWindow
GetFocus
CloseWindow
GetClassNameA
ReleaseDC
IsWindowVisible
InvalidateRect
GetWindowTextLengthA
ReleaseDC

shell32

SHChangeNotify
SHCreateShellItem
SHBrowseForFolderA
SHGetFileInfoA
SHGetFolderPathA

ntdsapi

DsBindA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 688KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ