f9f3f9a5eff12e54fe6c1073d850cacb_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f9f3f9a5eff12e54fe6c1073d850cacb_JaffaCakes118
Size

59KB
MD5

f9f3f9a5eff12e54fe6c1073d850cacb
SHA1

123fe0e4aeb04a92c81ca6eadaf87d71e4fac7ca
SHA256

bb918989e9cd2c54d540be762f419e9104cd8e821798c9b6d47c6d3afa6ee3d2
SHA512

3971b20d22a6304ad22a1d94dc39a5e64d85e1a561eaf78f350be3c0a8ea13fc0c916ede86e2e75fa27a1ed9aef4826092c321e51873c481d1e2bf4c0b1bfada
SSDEEP

1536:D9o07njCSYx7zb/0IpY4+6HyJVAiEJXRAjg5vaHL:a0nCjxHb/ZWmkVACBr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9f3f9a5eff12e54fe6c1073d850cacb_JaffaCakes118

Files

f9f3f9a5eff12e54fe6c1073d850cacb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

478b591f6a314ffd901ffa1653a6739e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
CloseHandle
VirtualProtect
RaiseException
FileTimeToLocalFileTime
HeapCreate
GlobalUnlock
InterlockedExchange
EnterCriticalSection
GetLocaleInfoA
GetACP
SetConsoleOutputCP
LockResource
GetDriveTypeA
LoadLibraryExA
GlobalAddAtomA
GlobalFree
SetErrorMode
GetLastError
Sleep
GlobalDeleteAtom

user32

GetFocus
GetCursorPos
GetMenuItemInfoA
EndPaint
GetWindowTextA
DrawTextA
ClipCursor
SetForegroundWindow
DrawEdge
BeginPaint
OemToCharA
GetClassNameA
GetActiveWindow
IsIconic
GetParent
GetWindow
ValidateRect
ShowWindow
ReleaseDC

ntdsapi

DsGetSpnA
DsCrackNamesA
DsFreeNameResultA
DsIsMangledDnA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ