13fa72558a2cb917e6fa837151fc4aed_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13fa72558a2cb917e6fa837151fc4aed_JaffaCakes118
Size

371KB
MD5

13fa72558a2cb917e6fa837151fc4aed
SHA1

0b2beed5f7fa6ccf1d410ff44403ac963e1c55e8
SHA256

c655c7bb1040612c89d5fac1fc81ce9c13a4a70fcf671d2ceed39b58594ec02a
SHA512

9b8cc53becee968a1e1f34f228941335d8bcc7d32e180fa05a15441296d793bd6fcf7535bea3d6804f69645f38702886f1cdec8457402d8ee740b398d919bccf
SSDEEP

6144:/UL2RMaCKP9EoxGcTYNh91DQJ7w6Mcx8MYeWKnEWYzXTz+VNypJOVglH5fDsf1Ku:cL2RMacL9/u5Wcxr8/frTzcNS0G3fDsV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13fa72558a2cb917e6fa837151fc4aed_JaffaCakes118

Files

13fa72558a2cb917e6fa837151fc4aed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

21b2493f1e98d1f0cf2415d8603cfe2c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
FindAtomA
GetNumberFormatA
LocalFree
GetCurrentProcessId
CreateEventW
SuspendThread
GetPrivateProfileStringA
GetEnvironmentVariableW
HeapCreate
LoadLibraryW
GlobalFlags
FindClose
GetConsoleAliasA
GetDriveTypeA
InitializeCriticalSection
lstrlenW
WriteFile
TlsGetValue
ResumeThread

user32

IsWindow
DrawStateW
EndDialog
CreateWindowExA
GetClientRect
DrawTextA
SetFocus
GetSysColor
GetSysColor
CallWindowProcW
GetKeyboardType
DispatchMessageA
GetClassInfoA

resutils

ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart
ClusWorkerStart

clbcatq

DllGetClassObject

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ