36f53a7b20fc8b2d28e54097015ceb22_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36f53a7b20fc8b2d28e54097015ceb22_JaffaCakes118
Size

250KB
MD5

36f53a7b20fc8b2d28e54097015ceb22
SHA1

dd6bc30d8d5a469482271dd461010cb28499f815
SHA256

bd451081a31cab1f706f33fb254214e4688e67e6399278c1d2dc404cc0dd2525
SHA512

98d526bf5f95c76fad49acec0a37e024950ff375e36cfe8fdf0de6e6e6f44e09fef4cff5fc4c9754591e857bb656ea4e25ac4a423892bfd3478d9b8023c0d37f
SSDEEP

6144:OQKgM8e/EnG3/o5/H06CC1X30JXIWc6C/yFnfE614:OQKgM84vS06l1AX73wyFnft14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kg.exe

Files

36f53a7b20fc8b2d28e54097015ceb22_JaffaCakes118
.zip
kg.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 241KB - Virtual size: 728KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE