Static task
static1
Behavioral task
behavioral1
Sample
wupdmgr.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
wupdmgr.exe
Resource
win10v2004-20240802-en
General
-
Target
a36c74ba86a72ac3bdff4a74c22bab84_JaffaCakes118
-
Size
4KB
-
MD5
a36c74ba86a72ac3bdff4a74c22bab84
-
SHA1
3c3d7bc599da138db4e3e6a2f3084c57723949ee
-
SHA256
080d04d3b80c579dbb84106aa7842916b42122a89ec2560e2c98ef464eec6471
-
SHA512
d833d6deb112b7c73c3ea15e96d5dc21cede9068e3771bf1293436dfad2f0646779329f207a059418610b93b874db87fe87d679720ddd6f3dd24cd10983ef894
-
SSDEEP
96:H3epsbhYnIgadwD2F61Ofy4dSnLS2HyYa02w1W1K+lK:HupsbQaySF61yy4c9HLawglK
Malware Config
Signatures
-
Unsigned PE (1 IoC)
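Checks for a missing Authenticode signature. The flagged file is unsigned, so its publisher and integrity cannot be verified from a signature.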
resource unpack001/wupdmgr.exe
Files
-
a36c74ba86a72ac3bdff4a74c22bab84_JaffaCakes118.cab
-
wupdmgr.exe.exe windows:4 windows x86 arch:x86
c70fc1791e52f2b85087d26377640c2c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crtdll
memset
strlen
memcpy
strcpy
strcat
kernel32
GetModuleHandleA
HeapCreate
GetWindowsDirectoryA
HeapDestroy
ExitProcess
Sleep
HeapAlloc
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapReAlloc
shell32
ShellExecuteExA
Sections
.code Size: 512B - Virtual size: 439B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.flat Size: 512B - Virtual size: 7B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE