42bf08605f1a07846c0eb176c3c5a5b9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42bf08605f1a07846c0eb176c3c5a5b9_JaffaCakes118
Size

328KB
MD5

42bf08605f1a07846c0eb176c3c5a5b9
SHA1

7b90ccceaaec5a2c48859762de329e697e622df2
SHA256

5b7d40dfc8152ee2ec03c4722a39414d1d35cba0ee4d83ff6979ccae3babc1b7
SHA512

41e322ca644615a56f70a63259607ae3d97322a5966947bf2507733779af5de7122009e21d4cfd95bc24a6106c09547cd83fb094f70a3b6b7d25872adc02aca8
SSDEEP

6144:+AK8PwjNi1eM3OcQ7C5ytkvG6hQOAtEiWSbj8Tg9tyE7ejCd4a:n9Y5ioSsC5+BIK4Tg9EEigR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42bf08605f1a07846c0eb176c3c5a5b9_JaffaCakes118

Files

42bf08605f1a07846c0eb176c3c5a5b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5c6e197ad7322c75a3cdc52fed9e0c44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTickCount
GetCommandLineW
LocalFree
LoadLibraryW
GetModuleHandleA
lstrlenA
HeapCreate
CreateThread
GetComputerNameA
GetSystemTime
CloseHandle
SetEvent
PulseEvent
CreateFileA
GetConsoleTitleA
SetLastError
LocalUnlock
UnmapViewOfFile
GetCurrentDirectoryA

user32

GetDC
CallWindowProcA
GetKeyState
GetScrollBarInfo
IsWindow
FillRect
GetDlgItem
CheckRadioButton
DrawEdge
SetFocus
DrawMenuBar
DispatchMessageA
CreateWindowExA

clbcatq

DowngradeAPL
CheckMemoryGates
SetupOpen
SetSetupOpen
UpdateFromAppChange

desk.cpl

InstallScreenSaver

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ