36eb301cce5b141c74bdbbeac4972bf3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36eb301cce5b141c74bdbbeac4972bf3_JaffaCakes118
Size

201KB
MD5

36eb301cce5b141c74bdbbeac4972bf3
SHA1

59ca37e9d736fdbc6438e65824701cc3c2ebcba2
SHA256

71aa04a7daf749d48dec9e1d56d879c06f25a62e27e9a5ae60b96b559d3ccf9a
SHA512

a0e8477e56a8fb157493402a49e3aad9611ca68fce7b635d2dfacc4f32ad0ad4ba36348b33f033bb9a7d0754c6bc3278710c1753d5b4ca99dbf077bc84c73186
SSDEEP

3072:kuFtnNundFoiO9I1W5lvLDkCCrRRmGpZonu9apRXocXJm2c:zhN2oiz1W5VjCFRmAZEpRYc82

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36eb301cce5b141c74bdbbeac4972bf3_JaffaCakes118

Files

36eb301cce5b141c74bdbbeac4972bf3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eade7cd24796218092774d1c289c21f5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shell32

ShellExecuteW

user32

EnumDisplaySettingsW

kernel32

ReplaceFileW
InterlockedCompareExchange
GetCurrentProcessId
GetTickCount
SetUnhandledExceptionFilter
GetStartupInfoW
GetProcessId
QueryPerformanceCounter
EnumResourceTypesA
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitProcess
InterlockedExchange
Sleep
GetCurrentThreadId
TerminateProcess
GetCurrentProcess

clusapi

CloseCluster

Sections

.text
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ