d46eea0550a53fe692ca75e03470875b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d46eea0550a53fe692ca75e03470875b_JaffaCakes118
Size

638KB
MD5

d46eea0550a53fe692ca75e03470875b
SHA1

5b3d916e81fa8a3bff6814ab70529a01ab0aa291
SHA256

25171fbc71f8293a03e8d6701cf8e0d60cf20eb2aa70ac452c0817bf76d8ab86
SHA512

8dbe8a2d96d473d5a1fb12d186885f0c367065e39d8d6ab3223362c85e8483b0a99b454c0d7cf6a5eab8f3af55371a64779c6afc2f75a9f0a3d717794e5b926c
SSDEEP

12288:6DrSP/ENnKVo4U4wyLaPM6C8kaIkpOQN1Uv7ujvfwNGAuHeihqh:6v9N/4dLHVY7pxlj+GAuHrm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d46eea0550a53fe692ca75e03470875b_JaffaCakes118

Files

d46eea0550a53fe692ca75e03470875b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e2b18e142e3a31b19c09e77c14a878b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryExA
VirtualProtect
CloseHandle
HeapReAlloc
SuspendThread
GetSystemDefaultLangID
GetStdHandle
GetProfileIntA
InterlockedExchange
WaitForMultipleObjects
AddAtomA
GetCommandLineA
CompareFileTime
HeapCreate
GetModuleHandleA
lstrlenA
GetTickCount
GetVersion
GetConsoleCP
GlobalUnlock
WaitForSingleObject

user32

EqualRect
SetPropA
DispatchMessageA
GetKeyState
PostMessageA
DialogBoxParamA
PaintDesktop
GetWindowTextA
DestroyMenu
InsertMenuA
GetDlgItem
DrawCaption
GetKeyboardLayout
GetMenuStringA
MessageBoxA
SetWindowPos
SubtractRect
FindWindowA
TranslateMessage
EnableScrollBar
CreateCaret
IsDialogMessage
ModifyMenuA
CopyRect
CreateCursor

netapi32

DsRoleFreeMemory
DsRoleCancel
DsGetDcNextA
DsGetDcNameA
DsGetDcOpenA

wldap32

ldap_add

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ