36738ca7976098ee8249ccb028ac1a96_JaffaCakes118 | Triage

Sharing

General

Target

36738ca7976098ee8249ccb028ac1a96_JaffaCakes118
Size

155KB
MD5

36738ca7976098ee8249ccb028ac1a96
SHA1

e5fe0ccfd5d6772a423ff0926e5dfa54582800da
SHA256

b4bf277c99ebdec83e911e217c9b55a0e9b20051effa4ffac914420242da52b5
SHA512

f9c9c2949e33e95b3ac82a43f3c5c68a6dcce58ffca9d0315970ae1547128c148068f2cb7c453ad8c58987ffc6455723c716da058cf7db98c74c3d1726a06138
SSDEEP

3072:hAGldVApMP682mRyrL5KBWCAmiR0PB4IcL5DI:hzVACJRuL5KQlmiC4IcZI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36738ca7976098ee8249ccb028ac1a96_JaffaCakes118

Files

36738ca7976098ee8249ccb028ac1a96_JaffaCakes118
.exe windows:4 windows x86 arch:x86

60dbcd97384ec4800a5baa539e517604

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryW
CreateDirectoryW
ReleaseMutex
ExitProcess
LoadLibraryA
CreatePipe
SetLastError
CreateFileMappingW
HeapSize
CreateFileA
lstrlenA
GetStartupInfoA
GetStdHandle
VirtualProtectEx
ReleaseSemaphore
GetFileSize
CreateMutexA
RemoveDirectoryW
GetVersion
GetCommandLineW
MapViewOfFile
DeleteFileA
HeapDestroy
SetLastError
OpenEventW

uxtheme

GetWindowTheme
CloseThemeData
IsThemeActive
GetThemeBool
DrawThemeEdge
GetThemeTextExtent
GetThemeSysSize
GetThemeColor
DrawThemeBackground
CloseThemeData
GetThemeTextMetrics
SetWindowTheme
OpenThemeData

hhsetup

??0CFIFOString@@QAE@XZ
??0CFIFOString@@QAE@XZ
??0CFIFOString@@QAE@XZ
??0CFIFOString@@QAE@XZ

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 760KB - Virtual size: 760KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE