36ac4389cfd0fc89a785f570971f4128_JaffaCakes118

General

Target

36ac4389cfd0fc89a785f570971f4128_JaffaCakes118
Size

952KB
MD5

36ac4389cfd0fc89a785f570971f4128
SHA1

3e93cc525575ad42be4d999c97b95c715864d93d
SHA256

ce35bc58797adcdcaf8134b5fb88e6261997c65b8c656ed595b84a5b7fa35771
SHA512

496dde6d8595f621efd501bc7889620359ec206cb61116ede8da7bd308affa488be3ba9a09b61f6df7f4773fbf1e85e9836314707a5d68bcd34f933786f1e622
SSDEEP

24576:kPZMK6EFx4uFCy9lhRtUtlw7mJbSyY8t:DKlxU+Tklw7mp9Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36ac4389cfd0fc89a785f570971f4128_JaffaCakes118

Files

36ac4389cfd0fc89a785f570971f4128_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8be1f6737fd71c592e3caf5089b03102

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\WINDOWS\setup.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
FreeLibrary
FormatMessageA
GetStdHandle
GetLastError
WriteConsoleA
LocalFree
MultiByteToWideChar
GetModuleFileNameA
CreateFileA
SearchPathW
FindResourceA
LoadResource
CreateProcessW
GetTickCount
GetWindowsDirectoryA
WriteFile
Sleep
SizeofResource
Beep
ReadFile
SetCurrentDirectoryA
CopyFileA
LockResource
GetCurrentDirectoryA
CloseHandle
ResumeThread
lstrlenA
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersionExA
lstrcpyA
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
RtlUnwind
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
HeapSize
FlushFileBuffers

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 776KB - Virtual size: 776KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8be1f6737fd71c592e3caf5089b03102

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 776KB - Virtual size: 776KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 776KB - Virtual size: 776KB