5f0c2f6f08f8a1bd58838a9336e76082_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5f0c2f6f08f8a1bd58838a9336e76082_JaffaCakes118
Size

447KB
MD5

5f0c2f6f08f8a1bd58838a9336e76082
SHA1

b04d506cb1587c42bbee6cb0bbfaadf3e6c58cce
SHA256

20ce41df838f7fdf9b0a9b49b4892d593753bbbea288b6884f3a68fe1a75f4fd
SHA512

7dae8dc671ac2fb6ec46d026330be756667d59adf61c4e59563b685c568f7a39ff9636c32825f0db29beb23960002ef7e50eb26db1076b4849653d17f0db5cb0
SSDEEP

12288:g/dScWIVAlAZ1lTkjfY4YdnWz9YjCt8r4pKz6Wjs:8S4txkz3YWt80pa6WQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f0c2f6f08f8a1bd58838a9336e76082_JaffaCakes118

Files

5f0c2f6f08f8a1bd58838a9336e76082_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4d23f14e39618ff6300bedcb67cab8c0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
Sleep
GlobalDeleteAtom
GetLastError
GetDriveTypeA
EnterCriticalSection
GetLocaleInfoA
HeapCreate
LoadLibraryExA
GetStdHandle
VirtualProtect
GlobalAddAtomA
InterlockedExchange
SetErrorMode
GlobalUnlock
RaiseException
CloseHandle
GlobalFree
SetConsoleOutputCP
LockResource
FileTimeToLocalFileTime

user32

GetWindowTextA
GetActiveWindow
EndPaint
DrawTextA
DrawEdge
ShowWindow
ReleaseDC
GetMenuItemInfoA
GetWindow
GetParent
ClipCursor
ValidateRect
GetFocus
GetCursorPos
OemToCharBuffA
SetForegroundWindow
GetClassNameA
IsIconic
BeginPaint

ntdsapi

DsCrackNamesA
DsGetSpnA
DsFreeNameResultA
DsBindA
DsIsMangledDnA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ