36c84b60c608d89812cdc9d4a923a40b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36c84b60c608d89812cdc9d4a923a40b_JaffaCakes118
Size

25KB
MD5

36c84b60c608d89812cdc9d4a923a40b
SHA1

65043221049ea0c52a607297a8390445c233e19d
SHA256

eec63e32a853e95eee5c26a51cba6ab3e00ce5e3fc7bb7b5f212a6eca3da8488
SHA512

78a22a041e2754fd06e868d4508b98edd3f1d3854144d0f4f9f909270dbda450b9c3a02472c950c720c9bd138a4722c520a808b8ac86c30795c271b6a7aa78ce
SSDEEP

384:iJkc/vx4aW8Qc9JT2z58wWRj4NKEEglR7LzchIc5EKCyZQi9vW:O3ZtQ42inlcK7Ibc3Cyh0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36c84b60c608d89812cdc9d4a923a40b_JaffaCakes118

Files

36c84b60c608d89812cdc9d4a923a40b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fef67d08bf200a4d83bf6a51bf5cccd1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
GetCommandLineA
GetModuleHandleA
GetTickCount
CreateEventA
GlobalAlloc
CloseHandle
FreeLibrary
Sleep
lstrcpyA
GetStartupInfoA
GlobalFree
LocalAlloc
LocalFree
GetVersionExA
GetVersion
GetLastError
GetFileSize
lstrcatA

gdi32

GetTextExtentPoint32A
GetObjectA
CreateSolidBrush
PatBlt
BitBlt
CreateFontIndirectA
GetDeviceCaps
MoveToEx
ExtTextOutA
LineTo
SetBkMode

user32

DispatchMessageA
GetWindowRect
GetFocus
ShowWindow
LoadIconA
GetSysColor
CreateWindowExA
DefWindowProcA
GetMessageA
MessageBoxA
DestroyWindow

msvcrt

exit
toupper
__set_app_type
_except_handler3
_initterm
__p__commode
_adjust_fdiv
__getmainargs
wcschr
__setusermatherr
_c_exit
_acmdln
__CxxFrameHandler
memmove

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrs
Size: 389KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ