Static task: static1
Behavioral task: behavioral1
Sample: d5e7a41daf28ac25587793d1f9deb2ec_JaffaCakes118.exe
Resource: win7-20240903-en
General
Target: d5e7a41daf28ac25587793d1f9deb2ec_JaffaCakes118
Size: 813KB
MD5: d5e7a41daf28ac25587793d1f9deb2ec
SHA1: 62376eda6f291e26fc207f16e0ef2cb64b184070
SHA256: a11a038c38ee977eb6a5079179df583a2e655cf0b26e0761d0e1a211a38a9dbf
SHA512: ba0e4cce995f94f1920b5d834e63fc0f7e30c51ec1f0d507897dfff94c685374d33a78fe0bfff361c254b997305ea718b1451caa7af9f039c8d7a90fe11fa9ef
SSDEEP: 12288:EUPNLF20LV53TbFdWnfHrecNHuyiRz/zKHtKGOREtE1o7fvaHQEVuwmffGPP:EeJFdV5/FUnTBNOyQKl/tE1o7fYIGP
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d5e7a41daf28ac25587793d1f9deb2ec_JaffaCakes118
Files
d5e7a41daf28ac25587793d1f9deb2ec_JaffaCakes118.exe windows:5 windows x86 arch:x86
5af0285980c19d18db1d5c6c61bbb840
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
lstrcpyW
GetFileSize
EnterCriticalSection
HeapCreate
FoldStringA
LeaveCriticalSection
DeleteFileA
GetPrivateProfileIntW
SetCurrentDirectoryA
GetCurrentProcess
GetTickCount
GetStringTypeA
GetProcessVersion
SetEnvironmentVariableA
SetVolumeLabelW
GetConsoleTitleA
OpenThread
SetEndOfFile
activeds
ConvertSecurityDescriptorToSecDes
ADsGetLastError
ADsGetObject
ADsSetLastError
Sections
.text Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 801KB - Virtual size: 3.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ