e193a3a955147f9a14085e5225b0f2ab_JaffaCakes118 | Triage

Sharing

General

Target

e193a3a955147f9a14085e5225b0f2ab_JaffaCakes118
Size

371KB
MD5

e193a3a955147f9a14085e5225b0f2ab
SHA1

6a4140274b98fda38ced610a454c3b1be7e81d7e
SHA256

0c9bbec2c379ae5bb17c8ca6b36566ad9fff013d9d7a124bf06f33b5d3561eb1
SHA512

bf8a46299e96f55ecae824bf625efa7c25925fa1ae92bf5e773abd85ed6055409e5088000567b8a803c84d35aae7eb07adf58f015f352ff06a53411cd1712468
SSDEEP

6144:OaDT3RM/LKP9EoxGcTYNh91DQJ7w6Mcx8MYeWKnEWYzXTz+VNypJOVglH5fDsf1D:OaDT3RM9L9/u5Wcxr8/frTzcNS0G3fDs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e193a3a955147f9a14085e5225b0f2ab_JaffaCakes118

Files

e193a3a955147f9a14085e5225b0f2ab_JaffaCakes118
.exe windows:4 windows x86 arch:x86

810dbd54bf9c1fe8785a43fbd6aae4da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomA
TlsGetValue
InitializeCriticalSection
GetPrivateProfileStringA
LocalFree
FindClose
GetCurrentThreadId
GlobalFlags
GetNumberFormatA
GetDriveTypeA
GetEnvironmentVariableW
SuspendThread
GetConsoleAliasA
WriteFile
ResumeThread
LoadLibraryW
CreateEventW
HeapCreate
GetCurrentProcessId
lstrlenW

user32

IsWindow
CallWindowProcW
DispatchMessageA
GetKeyboardType
GetSysColor
GetClassInfoA
SetFocus
DrawTextA
DrawStateW
GetSysColor
EndDialog
GetClientRect
CreateWindowExA

resutils

ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ