5aa3eebbc1d12444f99b978f1dadbd8f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5aa3eebbc1d12444f99b978f1dadbd8f_JaffaCakes118
Size

447KB
MD5

5aa3eebbc1d12444f99b978f1dadbd8f
SHA1

e10878949ceb7f397d9a5a2d11ba36aeba45d593
SHA256

5a9d12adea8bb3af845544570bb1c81eb5c15d4a8750806ddbb4ae97fc56bcd5
SHA512

d6496c1e1955a30c8ed32874d2a2281174ecfb43f5135fa87426791c0bd84f2b5360859110a8c17fe72a65b9e673d3eea80a704895a6261a32109d81ba3cfbfc
SSDEEP

12288:CAY2k/5CJKfPZxKJpSEIP13toJrq0W55T6:hYrcOPuHd6puJ+P55W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5aa3eebbc1d12444f99b978f1dadbd8f_JaffaCakes118

Files

5aa3eebbc1d12444f99b978f1dadbd8f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e3f7c973980795af94d6d5c9088689d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
FileTimeToLocalFileTime
EnterCriticalSection
SetErrorMode
SetConsoleOutputCP
GlobalDeleteAtom
GlobalAddAtomA
VirtualProtect
GetLastError
RaiseException
GlobalFree
GetDriveTypeA
GetStdHandle
HeapCreate
Sleep
LockResource
CloseHandle
GetLocaleInfoA
LoadLibraryExA
GlobalUnlock
InterlockedExchange

user32

BeginPaint
GetCursorPos
DrawTextA
ReleaseDC
ValidateRect
DrawEdge
ShowWindow
GetClassNameA
GetActiveWindow
GetWindowTextA
SetForegroundWindow
GetParent
GetMenuItemInfoA
IsIconic
ClipCursor
GetFocus
OemToCharA
EndPaint
GetWindow

ntdsapi

DsCrackNamesA
DsBindA
DsGetSpnA
DsIsMangledDnA
DsFreeNameResultA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ