36d1c97dcb2db3d93f1dde21d6f8f014_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36d1c97dcb2db3d93f1dde21d6f8f014_JaffaCakes118
Size

55KB
MD5

36d1c97dcb2db3d93f1dde21d6f8f014
SHA1

bfa4b448ad269d7d4925822e823c3bd2c8537a45
SHA256

154610a5ba5c479d70015590722cded9c4238929cf164be4090bcdfa67fdd008
SHA512

bedbc687609aabe37fea3af0297bc67b65d00b35a422eadc95ea6e0e564332e36dba3fd3a347662180ff592f714292b287c05ebf119cf63df07166540478c62c
SSDEEP

768:5X9vuGeehoZbFGblzsxJS6rzBTudgDPf9FPdJe0nIv1EoSkWrmDqQqI1zqzO0PX9:5XJpFhUCx+SEzNudgTPoIXQEx3LJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36d1c97dcb2db3d93f1dde21d6f8f014_JaffaCakes118

Files

36d1c97dcb2db3d93f1dde21d6f8f014_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ba8d3e39ea9451634164197727b9862

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetBkColor
SetTextColor
BitBlt
SetBkMode
CreatePen
LineTo
Ellipse
StartDocA
RestoreDC
SelectClipRgn
CreateRectRgn
DeleteDC

advapi32

LookupAccountSidA
LookupPrivilegeNameA
IsValidSid
RegQueryValueExA
GetSidSubAuthorityCount
RegCloseKey
LookupPrivilegeValueA
EqualSid
CreateProcessAsUserA
ControlService
GetTokenInformation
GetKernelObjectSecurity

user32

SetTimer
IntersectRect
PeekMessageA
wsprintfA
IsDialogMessageA
UnionRect
DialogBoxParamA
ClientToScreen
GetDC
InvalidateRect
IsIconic

kernel32

IsValidCodePage
WaitForSingleObject
GetCommandLineA
GetProcessHeap
SetProcessWorkingSetSize
GetEnvironmentStringsW
lstrcpynA
GlobalReAlloc
ReadProcessMemory
FreeEnvironmentStringsW
GetCurrentProcessId
SetErrorMode
TlsSetValue
GlobalUnlock
GetVersion
GetCurrentDirectoryA

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ