d0c46955ea5a0964c125a0248b624dc3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0c46955ea5a0964c125a0248b624dc3_JaffaCakes118
Size

242KB
MD5

d0c46955ea5a0964c125a0248b624dc3
SHA1

f2754f0b40824e584afa422d7542c4e87260013a
SHA256

cea1f65634be74c083d8cefd7f2518663e0f77bcf26bdb25ab0676137b5b5ec9
SHA512

37b222fc2b57b2be927c65241a314025ea2851682f3a62a51ef071f38508681c5e6dbfa22732b223d0cdd198c5faa5fb9c8b3630fe2032ccbcd9ff5249c4e240
SSDEEP

6144:O5/uWpxw/oWNmfem8o+H0VApyMNyHoMTdf1AVF5:O8WxYvH9dNC0F5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0c46955ea5a0964c125a0248b624dc3_JaffaCakes118

Files

d0c46955ea5a0964c125a0248b624dc3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae7cb34b4e4f646dd9f2138bb4ac20e7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GlobalUnlock
RaiseException
GetLastError
GetStdHandle
Sleep
GetLocaleInfoA
InterlockedExchange
GetACP
GetDriveTypeA
GlobalAddAtomA
HeapCreate
FileTimeToLocalFileTime
GlobalFree
EnterCriticalSection
SetConsoleOutputCP
VirtualProtect
LockResource
LoadLibraryExA
GlobalDeleteAtom
SetErrorMode

user32

GetWindowTextA
GetClassNameA
BeginPaint
ReleaseDC
GetParent
ValidateRect
IsIconic
ClipCursor
GetCursorPos
DrawTextA
OemToCharA
GetActiveWindow
GetFocus
SetForegroundWindow
GetMenuItemInfoA
ShowWindow
DrawEdge
EndPaint
GetWindow

ntdsapi

DsFreeNameResultA
DsIsMangledDnA
DsCrackNamesA
DsBindA
DsGetSpnA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ