61cbc10871d6276cf4846cc444780a80_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

61cbc10871d6276cf4846cc444780a80_JaffaCakes118
Size

741KB
MD5

61cbc10871d6276cf4846cc444780a80
SHA1

00a018b33c0b1221117e156826b485bbb7fc334a
SHA256

9f323e5d06b3f5f4a22ec3a043db9fcd254640d0794fbe44a670350edd9fb954
SHA512

e99996c5acdec58d879d5d7f2223c8df8ff45c24dbeee545b156b419be11cd5d6b910b19393444cd341167e22da982c8788f835f3f1bbe8e2d90aad6ea63fa99
SSDEEP

12288:ZAqRMs2ux5n130KaH6DxwVLvkBxxxLFyV0UkgtZi7lPSrrGZPXXvzAVnpzO/tko3:ZnRM8x5n1kXrMxLFvUvtEYr2PXXv8z+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61cbc10871d6276cf4846cc444780a80_JaffaCakes118

Files

61cbc10871d6276cf4846cc444780a80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ba3496909ebfd497b969a1f50cc80d65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
LocalFree
FindClose
GetDriveTypeA
GetFileTime
WriteFile
ReleaseMutex
GetCurrentThreadId
IsBadStringPtrW
ReleaseMutex
InitializeCriticalSection
lstrlenW
HeapCreate
GetPrivateProfileStringA
GlobalFlags
TlsGetValue
FindAtomA
CreateEventW
GetCurrentProcessId
GetEnvironmentVariableW

user32

EndDialog
GetKeyboardType
GetSysColor
GetClientRect
GetClassInfoA
CallWindowProcW
GetSysColor
CreateWindowExA
SetFocus
DrawTextA
DispatchMessageA
DrawStateW
IsWindow

rastapi

DeviceDone
DeviceDone
DeviceDone
DeviceDone
DeviceDone

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 731KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ