036834b6a57dd4709bad2461fc8d0d9f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

036834b6a57dd4709bad2461fc8d0d9f_JaffaCakes118
Size

83KB
MD5

036834b6a57dd4709bad2461fc8d0d9f
SHA1

1c28f734e0d59d9471787cbba25b6c6c983e147d
SHA256

57ac465c1cf2dfaa744223201a08d1207cb36dac422dbadf39d824441e406700
SHA512

f77a233cf1b95950fca73a616b016faa34961ac22dd3639a3f8fcc3a71a20bde863a36fedaea5d6ce2523987b51868ec4a113ce53af6f63837153d4940c7f3ad
SSDEEP

1536:nJIIIIGU04JEWgEqpj70zGVFMZj/0lhwjF7aYWCWz61WjEErxTWDTMqhGKYIZTEX:JIIIIttZj/0l2F79dWeWjBkMqhGKZTb1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036834b6a57dd4709bad2461fc8d0d9f_JaffaCakes118

Files

036834b6a57dd4709bad2461fc8d0d9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f10617623dd1fe7117b4df5d25ac113

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstVolumeMountPointA
FlushFileBuffers
IsBadReadPtr
LCMapStringW
GetProcessWorkingSetSize
Heap32ListNext
SuspendThread
RtlZeroMemory
OutputDebugStringA
GetComputerNameExA
RemoveDirectoryA

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zrdata
Size: 27KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE