Static task
static1
Behavioral task
behavioral1
Sample
36e677d324e1661939713f2c4896029c_JaffaCakes118.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
36e677d324e1661939713f2c4896029c_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
36e677d324e1661939713f2c4896029c_JaffaCakes118
Size
196KB
MD5
36e677d324e1661939713f2c4896029c
SHA1
9c797e20f16dd08e225e8bd7c9e2a116d0f8e2b9
SHA256
ce46e764f9486f958b7113a00653cf05126379973fdb6cc6903e57da8a2a31ac
SHA512
5a50c32cad8a81e139c9aaf6a48b7da6e3d982789b37eadec389ec6801573cfb6df28a3bf5ce119063e9f77868e1be72f4a6671aa14a1f5cf17147619fd84025
SSDEEP
6144:QrlalQ+RB9Z5Rt5Vhdc/hb7Av7+JYiwmtMqdWW//X09q61H575J2HMhKLx:z+NAvIYzmtlR/KTqmK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 36e677d324e1661939713f2c4896029c_JaffaCakes118
Files
36e677d324e1661939713f2c4896029c_JaffaCakes118.exe windows:5 windows x86 arch:x86
12efca7533e0c6e17d2d82e322eec78c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
user32
IsCharLowerA
EnumChildWindows
SetWindowTextA
IsCharAlphaW
SetWindowLongW
GetDesktopWindow
GetActiveWindow
DialogBoxParamA
MoveWindow
ole32
CoRevokeClassObject
CoEnableCallCancellation
advapi32
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
kernel32
GetStartupInfoA
HeapFree
GetTickCount
GlobalHandle
SizeofResource
LocalFree
HeapDestroy
HeapCreate
GetThreadPriority
LoadResource
FindResourceExA
LocalAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
DeleteCriticalSection
InitializeCriticalSection
Sections
.text Size: 184KB - Virtual size: 183KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ