d60431539b5d3b99845901e16634386f_JaffaCakes118 | Triage

Sharing

General

Target

d60431539b5d3b99845901e16634386f_JaffaCakes118
Size

44KB
MD5

d60431539b5d3b99845901e16634386f
SHA1

2d7ac23a3019cc8fe936dd8ffff203f59299c277
SHA256

ef6f742abf6f2c9aaf39bb9d2c42643f9f0f2110fc14036d61bb8e220f02db53
SHA512

99d60cef5951071dbc855e548c429901ad17a7503dc1d409a22d84d0bc5135e7e6d2227c27daa156ec4c11860244b820cba235164f5d61d844290e48f190e763
SSDEEP

768:p/5/Nd7UwgxeAQ4pyl8mjK7uHxnaEfR4W3u+Wei6gkHQAp7nVy9qERMalKgTLfwk:p/5/H7cxtQEyl8mauH8O4W3u+WeiA5Ve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d60431539b5d3b99845901e16634386f_JaffaCakes118

Files

d60431539b5d3b99845901e16634386f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7897d71fbad8764c0502fc9d0485db9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
VirtualProtect
HeapCreate
EnterCriticalSection
GlobalUnlock
GetStdHandle
LockResource
GetDriveTypeA
InterlockedExchange
RaiseException
GetLastError
GetACP
CloseHandle
GlobalDeleteAtom
SetConsoleOutputCP
LoadLibraryExA
GlobalFree
FoldStringA
SetErrorMode
GlobalAddAtomA
GetLocaleInfoA

user32

GetParent
ReleaseDC
ShowWindow
GetActiveWindow
ClipCursor
OemToCharBuffA
BeginPaint
GetWindow
GetWindowTextA
GetClassNameA
GetFocus
GetCursorPos
SetForegroundWindow
EndPaint
DrawTextA
DrawEdge
ValidateRect
GetMenuItemInfoA
IsIconic

ntdsapi

DsFreeNameResultA
DsGetSpnA
DsCrackNamesA
DsIsMangledDnA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ