fba9f56d6e36247805eaab870f87f103_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fba9f56d6e36247805eaab870f87f103_JaffaCakes118
Size

374KB
MD5

fba9f56d6e36247805eaab870f87f103
SHA1

6b42c8c7408012e33c772f576e4fd64c3932960b
SHA256

fd14ec6eca81104e43036eb86568d9d9c016ac7fa03fe73fce19ee70cb827e48
SHA512

d9b47cfd4b859ab77d63687f36a089f1e85162a975cc2d1f3865bc466c19e0e99bc0b590c40a48ce2393c5160c7d94a8e97f53931544998ffb88525163744d75
SSDEEP

6144:923RM+MKP9EoxGcTYNh91DQJ7w6Mcx8MYeWKnEWYzXTz+VNypJOVglH5fDsf1KpU:s3RM+KL9/u5Wcxr8/frTzcNS0G3fDsft

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fba9f56d6e36247805eaab870f87f103_JaffaCakes118

Files

fba9f56d6e36247805eaab870f87f103_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a0580a8987ec7b770403cd0608686f19

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindAtomA
GetPrivateProfileStringA
GetCurrentThreadId
LocalFree
lstrlenW
GetDriveTypeW
GetEnvironmentVariableW
InitializeCriticalSection
HeapCreate
SuspendThread
CreateEventW
GetConsoleAliasA
GetNumberFormatA
TlsGetValue
LocalFlags
ResumeThread
FindClose
GetCurrentProcessId
ReadFile
LoadLibraryW

user32

DrawTextA
CallWindowProcW
GetClassInfoA
DrawStateW
DispatchMessageA
GetSysColor
GetKeyboardType
IsWindow
SetFocus
GetClientRect
GetSysColor
CreateWindowExA
EndDialog

srclient

EnableSR
EnableSR
EnableSR
EnableSR
EnableSR

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ