36481ff167700c65994a17cc5b4a9a42_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36481ff167700c65994a17cc5b4a9a42_JaffaCakes118
Size

154KB
MD5

36481ff167700c65994a17cc5b4a9a42
SHA1

3f4ff7a17308eeb6a7214054cde844fd26ec06db
SHA256

b963b05b4823591d734ec76e53635c39b7ad8d7006d2ccf9eb4d491a93269cd8
SHA512

336b9976a5a6bd0f96dff4556bcd0f54e51611c36b06cf3f2aae134268f2edbd4fafc6c3d9eafd3367edfb1aab2188d4425ba3a9ba6a179dafabb695536bdd4e
SSDEEP

3072:bqG8Y/JD4s7tt5ZYeZpx0hZBCwFI6rtQ+TJQG6FEpLkD2RyveH:bvn/JD4CHh10hZBCabrtQ+TJQFCLXRym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36481ff167700c65994a17cc5b4a9a42_JaffaCakes118

Files

36481ff167700c65994a17cc5b4a9a42_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dabe2b6cbd7a8895b4d2ea255f96fc7f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
InterlockedCompareExchange
HeapAlloc
SetPriorityClass
GetLocaleInfoA
MulDiv
RaiseException
TerminateProcess
IsDebuggerPresent
GetCurrentProcessId
GetThreadLocale
GetTempFileNameA
EnumResourceTypesA
GetSystemTimeAsFileTime
GetACP
SetUnhandledExceptionFilter
InterlockedExchange
GetVersionExA
HeapFree
GetLocaleInfoW
UnhandledExceptionFilter
GetPrivateProfileIntA
CreateProcessA
GetProcessHeap
GetCurrentProcess
GetStartupInfoA
GetTempPathA
QueryPerformanceCounter
TlsFree

ole32

CoMarshalHresult
CreateItemMoniker
CreateStreamOnHGlobal
CoInitialize
CoInitializeEx
CoCreateInstance
CoRevokeClassObject
CoTaskMemFree
StringFromGUID2
StringFromCLSID
CoRegisterClassObject
GetRunningObjectTable
CoUninitialize
CLSIDFromString
CoFreeUnusedLibraries
CoTaskMemAlloc

gdiplus

GdipGetImageWidth
GdipDisposeImage

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ