36f5da13044dbe8df6031f8d997ade47_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36f5da13044dbe8df6031f8d997ade47_JaffaCakes118
Size

9KB
MD5

36f5da13044dbe8df6031f8d997ade47
SHA1

5ecf6f5ad6f5b7c55c4f3c581344e40fb1fda250
SHA256

1ee61ca039f1d90b73b051521802b259b97f471a98f13d57000250476535ffde
SHA512

8abdc67e24a9bf4f2d7bd40cc1e406bf61f9424dbbf7a1b5249bc5e6f71999417d3f728bcbad9d39edaea8608ace0c12743dd0e168fa4f02c4178f22a899a356
SSDEEP

192:vQyenegYlGZa/E833FbyLbVPqTSHZ8XDZBXlXQV0IPWf/DCWP:vse7lGaMD8XpQV0iWf/DCWP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36f5da13044dbe8df6031f8d997ade47_JaffaCakes118

Files

36f5da13044dbe8df6031f8d997ade47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

da5addf43d770296cefc2375f8aebb73

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateMutexA
lstrcmpiA
lstrcatA
GetModuleFileNameA
FreeLibrary
GetCurrentThreadId
ExitProcess
LoadLibraryA
GetCurrentProcessId
lstrcpyA
WaitForSingleObject
CreateProcessA
CreateToolhelp32Snapshot
GetTickCount
GetSystemDirectoryA
CreateThread
GetProcAddress
Sleep

user32

MessageBoxA
wsprintfA
GetMessageA
TranslateMessage
DispatchMessageA
PostMessageA

advapi32

RegOpenKeyA
RegCloseKey
RegEnumValueA
RegOpenKeyExA

msvcrt

fgets
_except_handler3
strchr
_itoa
fgetws
fopen

Sections

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ