d2600bf9169b27ee5a59677b51d47219_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2600bf9169b27ee5a59677b51d47219_JaffaCakes118
Size

317KB
MD5

d2600bf9169b27ee5a59677b51d47219
SHA1

6e6ba6bd1fb620013105061f2dfc97ec76f7f978
SHA256

025d76a113c866a57b6597d8d6808080d36797b2ac725c1a18f4f838372574eb
SHA512

6a9012d0db48a2d51ec8332a6ccc86f17524a23be54490bcff5eef928ec5e5f35ae424a5c67b94dc03f6592875573ab815e1c73d6b8a8dfb91d0c5c7d6a5578a
SSDEEP

6144:cpi1UZvfVobjP/nI3cgfpS9oLw74F2ezIwPk8C2hGZMYYy:cuUZvdkbI3ccS/E2ezIwc8nYYy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d2600bf9169b27ee5a59677b51d47219_JaffaCakes118

Files

d2600bf9169b27ee5a59677b51d47219_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9819f73c4f7a2206397aede8e412dd24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
GlobalDeleteAtom
SetConsoleOutputCP
GetLastError
GetStdHandle
InterlockedExchange
CloseHandle
GlobalFree
LockResource
GetLocaleInfoA
SetErrorMode
Sleep
LoadLibraryExA
GetACP
GlobalAddAtomA
GlobalUnlock
GetDriveTypeA
HeapCreate
RaiseException
VirtualProtect
EnterCriticalSection

user32

GetClassNameA
IsIconic
GetActiveWindow
GetWindow
DrawTextA
ClipCursor
SetForegroundWindow
OemToCharA
ReleaseDC
GetWindowTextA
EndPaint
GetCursorPos
GetMenuItemInfoA
ShowWindow
GetFocus
GetParent
BeginPaint
ValidateRect
DrawEdge

ntdsapi

DsFreeNameResultA
DsGetSpnA
DsIsMangledDnA
DsCrackNamesA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ