03bd7fd40ecb967d8baff03815ab64fa_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

03bd7fd40ecb967d8baff03815ab64fa_JaffaCakes118
Size

317KB
MD5

03bd7fd40ecb967d8baff03815ab64fa
SHA1

985d7ba5d1a2076766b6c4e140d43890c97f422a
SHA256

6f7169249e93437f6ccd50df6db5032c7138616fb401c9137b1f3c24c77f1cab
SHA512

b6fcf339c870cb14e29d815ee19433346a7ece6aa0da6610061b4d9ee8462b2b9d512224faaf34335583517b8bcc0e2e3b95d4facb35a2fbf75788625013edf1
SSDEEP

6144:Ezi1UZvfVobjP/nI3cgfpS9oLw74F2ezIwPk8C2hGZMYYy:EgUZvdkbI3ccS/E2ezIwc8nYYy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03bd7fd40ecb967d8baff03815ab64fa_JaffaCakes118

Files

03bd7fd40ecb967d8baff03815ab64fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

aff13d2fcca084a63b19e7f6c75beeb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GlobalDeleteAtom
GetACP
GetLocaleInfoA
LockResource
GetLastError
CloseHandle
SetConsoleOutputCP
LoadLibraryExA
GlobalFree
GetStdHandle
GlobalAddAtomA
VirtualProtect
GetDriveTypeA
SetErrorMode
HeapCreate
EnterCriticalSection
InterlockedExchange
GlobalUnlock
Sleep
FileTimeToLocalFileTime

user32

OemToCharA
GetFocus
GetMenuItemInfoA
GetWindow
EndPaint
ValidateRect
ShowWindow
BeginPaint
IsIconic
GetParent
DrawEdge
GetClassNameA
GetActiveWindow
ReleaseDC
GetWindowTextA
DrawTextA
GetCursorPos
ClipCursor
SetForegroundWindow

ntdsapi

DsGetSpnA
DsFreeNameResultA
DsIsMangledDnA
DsCrackNamesA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ