36dbbea78ae3a471c7bc109863f9186c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36dbbea78ae3a471c7bc109863f9186c_JaffaCakes118
Size

198KB
MD5

36dbbea78ae3a471c7bc109863f9186c
SHA1

e1f50f8f0ed5fb0f897d2ea73af798ee79c9055a
SHA256

a9ae9b44d9f00a9ebf4bc8d8ebb8daf97066fb1e0597e37fd22d40765c6b6219
SHA512

8be579f42f1c35ea8521331e35ce53b1a8b8599065acfb955bbf9983e1707a81d526e7b4700e879f07a5dab886812fdf21fe17cc6332d5c23f8bb9f704345b29
SSDEEP

3072:Lrfe41oZKUnvMAixTpEij9hbthAiUBHPdPi0sE22F0bJtPKdbuL9w/:LKXnkd7F6HBRn0bfPKZwC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36dbbea78ae3a471c7bc109863f9186c_JaffaCakes118

Files

36dbbea78ae3a471c7bc109863f9186c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c0df18110b2f7bb574d06cf232e375fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
CopyFileA
DeleteFileW
GetUserDefaultLangID
QueryPerformanceCounter
GetWindowsDirectoryA
GetProcessHeap
GetVersion
GetConsoleOutputCP
GlobalFindAtomW
lstrlenA
GetCurrentThreadId
GetTickCount
GetCurrentThread
lstrcmpiW
GlobalFindAtomA
GetModuleHandleW
lstrlenW
GetThreadLocale
Sleep
DeleteFileA
lstrcmpiA
GetCommandLineW
GetModuleHandleA
GetACP
RemoveDirectoryA
IsDebuggerPresent
MulDiv
GetOEMCP
lstrcmpA
GetCurrentProcessId
GetStartupInfoA
SetCurrentDirectoryA
GetCommandLineA
GetDriveTypeA
LoadLibraryW
GetLastError
VirtualAlloc

user32

GetDC
GetSystemMetrics
CharNextA
GetDesktopWindow

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ