432b525b19f65561a06744bb671dfe47_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

432b525b19f65561a06744bb671dfe47_JaffaCakes118
Size

121KB
MD5

432b525b19f65561a06744bb671dfe47
SHA1

df80cdfc6e5200a852deab76dcf642becbc584fd
SHA256

e4358490a9a74ecf25232cf7004b4668fd3718341db0e5cb943b9386bed3a66d
SHA512

86474840b605613518fcd46abb92c3f5d1b7d24e852f8a7792ef98a0d569c10ca673be1fc829d748a0e8b8d13c3fdd18cb08f07334f29741552c15bb6816d15a
SSDEEP

3072:dNOIzjbbHLCLOMpinoYmnfh08f1rCd5obqmm5ybIphVU:dNvzjbbHLCL7pBLfCartChu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
432b525b19f65561a06744bb671dfe47_JaffaCakes118

Files

432b525b19f65561a06744bb671dfe47_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2bb961a74fd04d55ed65efea5f8618f3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
CloseHandle
LockResource
SetConsoleOutputCP
GetLocaleInfoA
FileTimeToLocalFileTime
GlobalUnlock
VirtualProtect
GlobalDeleteAtom
GetStdHandle
GetDriveTypeA
SetErrorMode
RaiseException
InterlockedExchange
GetACP
GlobalFree
GlobalAddAtomA
HeapCreate
GetLastError
EnterCriticalSection
Sleep

user32

BeginPaint
OemToCharA
DrawTextA
GetCursorPos
GetFocus
GetWindow
IsIconic
ValidateRect
ClipCursor
EndPaint
DrawEdge
GetWindowTextA
GetParent
GetMenuItemInfoA
GetClassNameA
ShowWindow
ReleaseDC
GetActiveWindow
SetForegroundWindow

ntdsapi

DsCrackNamesA
DsBindA
DsFreeNameResultA
DsGetSpnA
DsIsMangledDnA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 696KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ