c9479c602503f009c96ef10bf1af5064_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c9479c602503f009c96ef10bf1af5064_JaffaCakes118
Size

447KB
MD5

c9479c602503f009c96ef10bf1af5064
SHA1

bcb2299fc693ebde040d4c5d84fb459802f9e97b
SHA256

16fc5ee39aa261aa40bf91c6458b78af858af0f9601293c4580c805de322e78a
SHA512

fc049073a09d314a97b02396935652a23df6de391af8084787f598ffb541d5b3f827fd8163da3fefd3e0bd961c70dd4dea1da5f9b0b8b6d7f597a610aa0b3f3e
SSDEEP

12288:Z1HWF9A+eGGi7d1hBnAHPP/6omOZYWevCmvntpk1qK:Zs9heGvnrS6i2WE/PtG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c9479c602503f009c96ef10bf1af5064_JaffaCakes118

Files

c9479c602503f009c96ef10bf1af5064_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bf67468eff7344019f86adaef8b52e84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetConsoleOutputCP
SetErrorMode
GlobalFree
GetACP
Sleep
RaiseException
VirtualProtect
FoldStringA
GlobalUnlock
LockResource
GetLocaleInfoA
EnterCriticalSection
GlobalDeleteAtom
GlobalAddAtomA
GetLastError
GetStdHandle
InterlockedExchange
HeapCreate
LoadLibraryExA
CloseHandle
GetDriveTypeA

user32

GetClassNameA
DrawTextA
GetWindow
DrawEdge
GetWindowTextA
ClipCursor
ValidateRect
ShowWindow
BeginPaint
EndPaint
GetParent
GetActiveWindow
GetMenuItemInfoA
GetCursorPos
GetFocus
OemToCharBuffA
ReleaseDC
IsIconic
SetForegroundWindow

ntdsapi

DsBindA
DsCrackNamesA
DsIsMangledDnA
DsGetSpnA
DsFreeNameResultA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ