53cada4dc7e365dd0242f797e0d0d0e6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

53cada4dc7e365dd0242f797e0d0d0e6_JaffaCakes118
Size

300KB
MD5

53cada4dc7e365dd0242f797e0d0d0e6
SHA1

74858511fc8f8e0441ab14d1e3b9e9e46f0ecb47
SHA256

a9f5d7481707b139612c077634f065befac7cd6a283ae398c2a3eef1e0325a4d
SHA512

9626dde3f20bc04afbd3a3703d4f0dec1009b71dc473533e2960ad256e0757bd8ad11f5e61a89c0efb949f2143f0fb83a071cec72905e66646c1ef7444c8e1a3
SSDEEP

6144:mtcxQ+Bw/ONxG46mW6N/vGmzE1ziRs8s5RX6+tEPArZNfj7TXW+LA:4c5BIX/T6N/vWiRUPlt/j7TXL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
53cada4dc7e365dd0242f797e0d0d0e6_JaffaCakes118

Files

53cada4dc7e365dd0242f797e0d0d0e6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

09dd670bc75ddaa0f9618e1ec4317bae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDiskFreeSpaceA
InterlockedIncrement
GetDiskFreeSpaceA
HeapCreate
lstrcmpiA
lstrcmpA
SetFilePointer
Sleep
Sleep
GetExitCodeProcess
GetPrivateProfileSectionA
GetFileAttributesA
CreateDirectoryA
GetPrivateProfileIntW
SetEnvironmentVariableW
Sleep
WaitForMultipleObjects
InterlockedExchange
GetModuleHandleA
GetPrivateProfileIntW
FindResourceW
GetLongPathNameW
LoadLibraryExW

catsrv

DllCanUnloadNow
GetCatalogCRMClerk
CreateComponentLibraryTS
OpenComponentLibraryTS

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tdata
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE