Static task: static1
Behavioral task: behavioral1
Sample: 36264f8be73a6e6903cc37e29eeb48c5_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 36264f8be73a6e6903cc37e29eeb48c5_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 36264f8be73a6e6903cc37e29eeb48c5_JaffaCakes118
Size: 178KB
MD5: 36264f8be73a6e6903cc37e29eeb48c5
SHA1: ecc088d2507deca4302f4e7ac14a40565fc3a224
SHA256: 2f649dfe655736059faaa9daaa1a1056e9b9374f91e869aa0bf22eb6d8f5eda4
SHA512: 13bd73048380d7fb7e77372117509af6f5cefef771e05ddbbf08c52a40e54b0991af36d3bebe8bae36624937e45674fb81ca6b2e706a253fda6f0bbdda5055a5
SSDEEP: 3072:TrNWwTdJJmaQGg3DuGrTxEP5O1ncicyzIIIL6R3Cai17pcU7FFrLUQJ7bA9ISGF/:T/J7Q33Du4xEP2ncicA46pY7pc2FHJ7h
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36264f8be73a6e6903cc37e29eeb48c5_JaffaCakes118
Files
36264f8be73a6e6903cc37e29eeb48c5_JaffaCakes118.exe windows:4 windows x86 arch:x86
20a6e55c4e7152537465f431c759b4fa
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetFirmwareEnvironmentVariableW
LCMapStringW
SetStdHandle
GetModuleHandleA
LoadLibraryA
GetSystemInfo
LCMapStringA
DeleteCriticalSection
EnumResourceTypesA
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
GetLongPathNameA
LocalAlloc
LocalFree
GetProcAddress
GetLastError
GetStringTypeA
ole32
OleSave
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
wininet
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
gdiplus
GdipCloneImage
winmm
timeGetTime
timeSetEvent
Sections
.text Size: 108KB - Virtual size: 107KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.tls Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 256KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ