228cd65e312cdb2d36ee365f063000c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

228cd65e312cdb2d36ee365f063000c0_JaffaCakes118
Size

742KB
MD5

228cd65e312cdb2d36ee365f063000c0
SHA1

06f894a905a8e38f15a03247c9174f20bb484511
SHA256

7ca15e3b034abce4832128af88dc35ceedf4eeca266ec657c64056c6daa83fe4
SHA512

d5b0459edaa58f2f524e21dab35186856ebdc2a0f8f8679699572939001c42b7ff44b19863848b873fce4231904b0e0e8177dfc1866235dfa14802b4f94c44ae
SSDEEP

12288:YcJRM6VWkzqwxYRtc4Zss8+KNTnfQxw6OpepVSYgx1IR9qjseLJ883W0uxcGPKvh:YcJRMgVhSOxvxnymgpVSYeIYseLJ8yWm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
228cd65e312cdb2d36ee365f063000c0_JaffaCakes118

Files

228cd65e312cdb2d36ee365f063000c0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1798484f96451a03513211801b38f8b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberFormatA
ResumeThread
CreateEventW
GetPrivateProfileStringA
SuspendThread
HeapCreate
GetEnvironmentVariableW
GlobalFlags
GetDriveTypeA
LocalFree
FindClose
lstrlenW
TlsGetValue
GetConsoleAliasA
GetCurrentProcessId
FindAtomA
LoadLibraryW
GetCurrentThreadId
InitializeCriticalSection
WriteFile

user32

GetClientRect
CreateWindowExA
CallWindowProcW
EndDialog
GetClassInfoA
IsWindow
DrawTextA
GetSysColor
DispatchMessageA
SetFocus
GetKeyboardType
GetSysColor
DrawStateW

resutils

ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ