36d513def70f37fffb654606c8c6d860_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36d513def70f37fffb654606c8c6d860_JaffaCakes118
Size

85KB
MD5

36d513def70f37fffb654606c8c6d860
SHA1

9df531ceea3a14a666e40e7ee8a27635421e1911
SHA256

2b3cfbc575a98ea7e6add498f42d1eb2cc4191cd00e4d82b00353d52ba34369a
SHA512

ccd4d832ec3a2f6bf275a1fdb631932b4d50294efe3b2207b720d55ce13a210966d0277456fb73b10b8f2ad2057d8483721750975293263205419c7cd39da22d
SSDEEP

1536:o+DPdFMpi6VD4+Pb4/ZuZW1uMtnhdUeGctW9PuKOzTy/RIJSrLT/:XsI8PbmZsWkWh6iW5OP2RIw/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36d513def70f37fffb654606c8c6d860_JaffaCakes118

Files

36d513def70f37fffb654606c8c6d860_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c17710329b3d64669ccff5ba0baf3ce3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

abort
malloc
_errno
free
fflush
exit
strcmp
fclose
__dllonexit
memmove
_except_handler3
fwrite
__p__commode
_initterm
_adjust_fdiv
signal
__getmainargs
strcpy
__setusermatherr
__p__fmode
_exit
_acmdln
fopen
_XcptFilter
cos

kernel32

GetModuleHandleW
GetStartupInfoA
VirtualProtect

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ