dbb0ba9896128d7e25b004eed1e00d58_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dbb0ba9896128d7e25b004eed1e00d58_JaffaCakes118
Size

317KB
MD5

dbb0ba9896128d7e25b004eed1e00d58
SHA1

85e3aca7dc462ab8abe855aa10281a616e1950bf
SHA256

2e33380327046911ac0f08416ae93097883808081d09b56c7daa615612cea48b
SHA512

b03754d0df6592bfeef93065986e534385e0a441a43b2783e843ba9fee2e1fa084cdd14d1f710717a5bb62db9f4f6e420fa3c0794fd68a71ec97ec315a59bfe7
SSDEEP

6144:IXi1UZvfVobjP/nI3cgfpS9oLw74F2ezIwPk8C2hGZMYYy:IMUZvdkbI3ccS/E2ezIwc8nYYy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbb0ba9896128d7e25b004eed1e00d58_JaffaCakes118

Files

dbb0ba9896128d7e25b004eed1e00d58_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb319fde60c9b23065958f0002b2df38

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalDeleteAtom
SetErrorMode
InterlockedExchange
GlobalFree
GetStdHandle
FileTimeToLocalFileTime
GetACP
HeapCreate
LockResource
GetLastError
VirtualProtect
RaiseException
GetLocaleInfoA
LoadLibraryExA
GlobalUnlock
GetDriveTypeA
Sleep
GlobalAddAtomA
EnterCriticalSection
CloseHandle
SetConsoleOutputCP

user32

GetParent
GetActiveWindow
OemToCharA
ValidateRect
GetWindowTextA
GetWindow
GetClassNameA
GetMenuItemInfoA
ClipCursor
BeginPaint
GetCursorPos
ShowWindow
SetForegroundWindow
EndPaint
IsIconic
DrawEdge
GetFocus
DrawTextA
ReleaseDC

ntdsapi

DsIsMangledDnA
DsCrackNamesA
DsBindA
DsGetSpnA
DsFreeNameResultA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ