36756681a1e059ee60a001405af49330_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36756681a1e059ee60a001405af49330_JaffaCakes118
Size

168KB
MD5

36756681a1e059ee60a001405af49330
SHA1

5965c44931e1dfd97ee9d33e4e21acadd8c6793f
SHA256

4549f02ed3d35d164a9e3cf62fd9dabecb08bfd225d8e36fd3dd671f2eca9761
SHA512

beb163b425281a9be50a72282a77d28d7fe1dbfbbb796b1624690380faa1fe93f2cc1d9d30406925af5d1e263ac2d594a8871f67c286f81939ba4c1f1a5f0dd1
SSDEEP

3072:dBbbncBbc7vDyXvXvqXySoi5Gyg7RLJ3FwTQxK3PRcbK1lsqwqx:dVzcB477yXHGwNLVFbkPGbK1lLwy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36756681a1e059ee60a001405af49330_JaffaCakes118

Files

36756681a1e059ee60a001405af49330_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72ecd0dc4c39dab675de2e48d7c9d9fc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
IsBadReadPtr
GetThreadIOPendingFlag
GetProcAddress
CreateFileW
FreeLibrary
GetTempPathW
LoadLibraryW
TransmitCommChar
InterlockedDecrement
WideCharToMultiByte
SetEndOfFile
CompareStringW
EnumResourceNamesW
GetLastError
WriteFile
LoadLibraryA
GetModuleFileNameA
ExitProcess
CompareStringA
FlushFileBuffers
SetStdHandle
CloseHandle
MultiByteToWideChar
CreateMutexA
SetEnvironmentVariableA

msimg32

AlphaBlend
TransparentBlt

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

user32

GetTopWindow
wsprintfW
GetKeyState
wsprintfA
CharNextA
CharUpperA
MessageBoxA
CharLowerA

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ