36f6bf0ca4dc7b1e4ce99f67667b0b72_JaffaCakes118 | Triage

Sharing

General

Target

36f6bf0ca4dc7b1e4ce99f67667b0b72_JaffaCakes118
Size

362KB
MD5

36f6bf0ca4dc7b1e4ce99f67667b0b72
SHA1

49de43128a72103913c412335011c4ed31fdb4ec
SHA256

f5d92134d7e07a1503d26a06b9cf02440cf467a044ec89b1eb6f2b21513c68b3
SHA512

9c82bd679d832404da894d870d55a21900d27472d73667a9d96b323c1e423596158c7a7fb4c7d6bab20c65433a0a50e181729c6b4284f0e8c9958ffd173c2840
SSDEEP

6144:/jo22mLRbse7ieiZYrrcqoETzOoBcuhrABzwaKPiUR:JXLRbFGeVrcqoWB/yZwaKPP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36f6bf0ca4dc7b1e4ce99f67667b0b72_JaffaCakes118

Files

36f6bf0ca4dc7b1e4ce99f67667b0b72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8d0321724b093f36f64a4ac6c2c0c5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

wininet

InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetReadFile
InternetCloseHandle

kernel32

FindResourceA
AllocateUserPhysicalPages
GetCommandLineW
MoveFileExW
ExitProcess
SearchPathA
VirtualAlloc
WriteFile
LockResource
GetShortPathNameA
GetModuleFileNameA
CreateJobObjectA
VirtualFree
SizeofResource
LoadLibraryExW
FreeLibrary
GetProcAddress
CreateFileA
GetTempFileNameA
GetModuleHandleA
GetTempPathA
WinExec
LoadResource
CloseHandle
LoadLibraryA
GetTickCount

user32

EndDialog
GetDesktopWindow
DialogBoxParamA
UpdateWindow
MoveWindow
CreateWindowExA
ShowWindow
SetDlgItemTextA
GetWindowRect

advapi32

RegCreateKeyExW
RegSetValueExW

shell32

CommandLineToArgvW

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ