cfa133be8df4c30293f75773d625a9fc_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cfa133be8df4c30293f75773d625a9fc_JaffaCakes118
Size

242KB
MD5

cfa133be8df4c30293f75773d625a9fc
SHA1

73594198de1e0bb786108523b9c64b321dee1638
SHA256

366a352f30dd70334c5a8b70672aa0558081f3b36a4c8c9d2d2f8e037bc26cdc
SHA512

2864327bf48d936889c9b5d33d86b042304ba8f1bca076f2fef1f9592dc966f27c0589164c2fae19b6eb37a13bae7dd1047c46da7562926f19c04d1dc6baf5bc
SSDEEP

6144:7q1/uWpxw/oWNmfem8o+H0VApyMNyHoMTdf1AVF5:7q4WxYvH9dNC0F5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfa133be8df4c30293f75773d625a9fc_JaffaCakes118

Files

cfa133be8df4c30293f75773d625a9fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd14994b0333132811c3d1dde00121b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
SetErrorMode
HeapCreate
SetConsoleOutputCP
LoadLibraryExA
Sleep
GetLastError
GetStdHandle
RaiseException
InterlockedExchange
GlobalFree
GetDriveTypeA
CloseHandle
FileTimeToLocalFileTime
EnterCriticalSection
LockResource
VirtualProtect
GlobalDeleteAtom
GlobalAddAtomA
GetLocaleInfoA
GetACP

user32

GetActiveWindow
GetWindowTextA
DrawEdge
ShowWindow
ReleaseDC
GetCursorPos
DrawTextA
IsIconic
GetClassNameA
GetWindow
GetMenuItemInfoA
ClipCursor
GetParent
BeginPaint
OemToCharA
SetForegroundWindow
GetFocus
EndPaint
ValidateRect

ntdsapi

DsCrackNamesA
DsIsMangledDnA
DsBindA
DsFreeNameResultA
DsGetSpnA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ