0bf069d0ffa536c786cfe1468594cc15_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bf069d0ffa536c786cfe1468594cc15_JaffaCakes118
Size

311KB
MD5

0bf069d0ffa536c786cfe1468594cc15
SHA1

44b4678407f2b0709bba0db209e1a8de74ab65fb
SHA256

6d03cd36e559dd3cb34c37c348e83c94ab3de35b9d5b114d28f4533f2f90a971
SHA512

c89159d89fce34bf285392bd84ed2a2656852ddeb752dc7bd2a487f3b0d4be410d0ab7ea56290baac6a6042dac01550f967f187535e17bca8bf3e06a5e62a8d0
SSDEEP

6144:RfvzjbbHLCL7pBLfCartChwkmBjH+7hvwTR3Z+3VW6qkFtnJr7JOU9r:RTjbbqJCarAVmBQhId3GVTFxZVT9r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bf069d0ffa536c786cfe1468594cc15_JaffaCakes118

Files

0bf069d0ffa536c786cfe1468594cc15_JaffaCakes118
.exe windows:4 windows x86 arch:x86

de95c6ffe079b44b7f5a65227bac64ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAddAtomA
Sleep
SetConsoleOutputCP
GetDriveTypeA
GetLastError
LoadLibraryExA
FileTimeToLocalFileTime
GetStdHandle
CloseHandle
RaiseException
LockResource
SetErrorMode
GlobalDeleteAtom
VirtualProtect
GlobalUnlock
EnterCriticalSection
GetLocaleInfoA
HeapCreate
GlobalFree
InterlockedExchange
GetACP

user32

ShowWindow
DrawEdge
ValidateRect
DrawTextA
ReleaseDC
BeginPaint
GetClassNameA
GetCursorPos
GetActiveWindow
EndPaint
GetWindow
GetMenuItemInfoA
ClipCursor
IsIconic
GetWindowTextA
SetForegroundWindow
GetParent
GetFocus
OemToCharA

ntdsapi

DsFreeNameResultA
DsGetSpnA
DsCrackNamesA
DsIsMangledDnA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ