296cccb32b23797ccef8b98dcc89efbe_JaffaCakes118 | Triage

Sharing

General

Target

296cccb32b23797ccef8b98dcc89efbe_JaffaCakes118
Size

1.1MB
MD5

296cccb32b23797ccef8b98dcc89efbe
SHA1

6848d5982591eccb415acfa74857dc84e8131dac
SHA256

ccf2a497afa98c41ad60e1bb8294ad7265ec80457bc1396b1f3096c3640c6980
SHA512

cb90d0607d4b5611c46cbde7bb47ff1a92f4a52c76ee8c172851225953f54483b27869f338fdb8e29f5f11e7fdc4c242ddade214156b4db0328389ad0e6e4c9e
SSDEEP

12288:dvYeEZhESnbtRqg4IB1jRd3mRSqh8IN88TNML4t4rPYH3YJAnM5BZLvwA3NbRrze:dvxehEeJ1XQByIN8e612Il5t34CU3bT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296cccb32b23797ccef8b98dcc89efbe_JaffaCakes118

Files

296cccb32b23797ccef8b98dcc89efbe_JaffaCakes118
.exe windows:1 windows x86 arch:x86

18b30608916660e28fe2e37524fd7686

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ILSaveToStream
OpenRegStream
ILFindChild
DAD_DragEnterEx2
Options_RunDLL
PathGetShortPath
ExtractIconA
ExtractAssociatedIconA
RestartDialog
DllRegisterServer
DriveType
ILCreateFromPathA
RegenerateUserEnvironment
ILClone
PathYetAnotherMakeUniqueName

adsldpc

ADsWriteAttributeDefinition
InitObjectInfo
ADsCreateDSObject
GetLDAPTypeName
Component
BuildADsParentPath
AdsTypeFreeAdsObjects
ADsCreateClassDefinition
AllocADsStr
ADsHelperGetCurrentRowMessage
AdsTypeToLdapTypeCopyGeneralizedTime
ADSICreateDSObject
ChangeSeparator
ADsEnumAttributes
ADsWriteClassDefinition

kernel32

InitializeCriticalSection
UnmapViewOfFile
ReadFile
EnterCriticalSection
ExitProcess
CopyFileExA
CloseHandle
CreateFileA
GetProcessHeap
GetCurrentProcess
GetCurrentThreadId
GetFileAttributesA
CreateFileMappingA
MapViewOfFile
WaitForSingleObject
ReadFileEx
VirtualAlloc
VirtualFree
SetFilePointer
LeaveCriticalSection

Sections

.text
Size: 518KB - Virtual size: 517KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrcs
Size: 426KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ