36a974201fdf86fc80abb89481f87c1a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36a974201fdf86fc80abb89481f87c1a_JaffaCakes118
Size

3KB
MD5

36a974201fdf86fc80abb89481f87c1a
SHA1

c57cf188fdc6bcd184879739c9da1dc702065331
SHA256

2db1b4f79695a8b7f2652ab122154d2ac9a09e7eaed871a8922951b060b352af
SHA512

5a6729f799698b2176e4dc0edc04d5993c2676998e2895d0f06d06c9e6cdb05e296e0c6f8bcc025c281303e1bc2a4381865acde121cb60e4e21cb3dde58c10ac

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36a974201fdf86fc80abb89481f87c1a_JaffaCakes118

Files

36a974201fdf86fc80abb89481f87c1a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56857e30cc18104b67b0cffa85bb4add

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
CreateProcessW
CreateRemoteThread
CreateThread
DefineDosDeviceW
ExitProcess
GetCommandLineW
GetCurrentProcessId
GetDriveTypeW
GetExitCodeProcess
GetLogicalDrives
GetModuleFileNameW
CreateProcessA
OpenProcess
ReadProcessMemory
ResumeThread
Sleep
SuspendThread
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory

user32

MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE