ba540573e17f3705c24a0f14e81bc44d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ba540573e17f3705c24a0f14e81bc44d_JaffaCakes118
Size

742KB
MD5

ba540573e17f3705c24a0f14e81bc44d
SHA1

9fbd1a70a15e198d2c0471b9f09e8048344a546c
SHA256

cd3955234b58fd0572457ff2ef29bfc9ba059e0358c86fb3736892c937adfc79
SHA512

9f478db7d97ef26f187cabee4d0d813bfe0882a9f089e7e23b8aca5631a66de9329c6e42df55155908849899b3135d9af7ae759c1f6b2f90ab7e8735342d0da1
SSDEEP

12288:KcRMMFWX3ek3qYvWcYjUi0e92mUE2MFrY1qRWlR5Tb3q1zgsnHzN6aRuO3:KcRMMgHeXYvWVjUi0hxExFrAqRGPTLep

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba540573e17f3705c24a0f14e81bc44d_JaffaCakes118

Files

ba540573e17f3705c24a0f14e81bc44d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b05755d8d552e7071e098bb6b10fb48c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA
GetConsoleAliasA
GetEnvironmentVariableW
InitializeCriticalSection
GetDriveTypeA
HeapCreate
GetCurrentProcessId
SuspendThread
GetCurrentThreadId
CreateEventW
FindClose
LoadLibraryW
TlsGetValue
GlobalFlags
ResumeThread
FindAtomA
LocalFree
lstrlenW
GetNumberFormatA
WriteFile

user32

GetSysColor
DispatchMessageA
CallWindowProcW
GetKeyboardType
GetSysColor
GetClientRect
EndDialog
DrawStateW
GetClassInfoA
CreateWindowExA
SetFocus
DrawTextA
IsWindow

resutils

ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 732KB - Virtual size: 731KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ