036dd62fce5adb42f6129b58d2ee0b15_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

036dd62fce5adb42f6129b58d2ee0b15_JaffaCakes118
Size

327KB
MD5

036dd62fce5adb42f6129b58d2ee0b15
SHA1

feb3dcde384044ca19213dad0730504db72a127c
SHA256

da716c0586fe1072d4c0af206df6f6ffcfbfe9208f343d6faa23c9e7171762e0
SHA512

a53b70b4aa31ea73577829936d823e004e91a542ca459f7fb5f3fa09a636185b45011d1fe131dc38a8f4ecf3785ef44ddc2a2234fef1b019f948e475ead3e23d
SSDEEP

6144:D15bpjqCXbTrsJc0lQFpEN3eLQc8wu+udS:D13BbEr3N3eLd8wu+udS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
036dd62fce5adb42f6129b58d2ee0b15_JaffaCakes118

Files

036dd62fce5adb42f6129b58d2ee0b15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28c132dafbda579d868c4e6bd59978da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProfileIntA
GetModuleHandleA
GetOEMCP
GlobalFlags
VirtualAlloc
GetUserDefaultLangID
GetStdHandle
GetTapeStatus
ReleaseMutex
GetProfileStringA
FindAtomA
GlobalFree
LocalHandle
GetVolumePathNameA
GlobalLock
CreateJobSet
EnumDateFormatsA
EnterCriticalSection
ExitProcess
GetProcessHeap
CreateMailslotA

user32

GetDC
GetWindowTextA
GetWindow
GetClassInfoExA
GetActiveWindow
GetWindowTextLengthA
GetParent
IsIconic
ReleaseDC
ValidateRect
BeginPaint
GetFocus
CloseWindow
ShowWindow
EndPaint
GetClassNameA
GetForegroundWindow
RegisterClassA
DrawEdge

shell32

SHGetFileInfoA
SHGetMalloc
SHGetFolderPathA
SHChangeNotify
SHBrowseForFolderA

userenv

GetGPOListA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 996KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ