05444a980ab52c0d982321eebc03d42d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

05444a980ab52c0d982321eebc03d42d_JaffaCakes118
Size

317KB
MD5

05444a980ab52c0d982321eebc03d42d
SHA1

a16ef0fb94413470d9cbc04e08ac8115b23c335d
SHA256

f6a113c7835aeabb697b1fce0d46112127565d790a8c3e0ee11066fea5121e8f
SHA512

2b8b38f4bb7fbdad2b23e25bcc1936c09edc39e92e30a4f662aff1504449a70a074aaa47d9ed5b30f7b16bd2f7ffd236c23f1a7980685b90fb903e724456fee2
SSDEEP

6144:Kpi1UZvfVobjP/nI3cgfpS9oLw74F2ezIwPk8C2hGZMYYy:KuUZvdkbI3ccS/E2ezIwc8nYYy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
05444a980ab52c0d982321eebc03d42d_JaffaCakes118

Files

05444a980ab52c0d982321eebc03d42d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9819f73c4f7a2206397aede8e412dd24

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
GlobalDeleteAtom
SetConsoleOutputCP
GetLastError
GetStdHandle
InterlockedExchange
CloseHandle
GlobalFree
LockResource
GetLocaleInfoA
SetErrorMode
Sleep
LoadLibraryExA
GetACP
GlobalAddAtomA
GlobalUnlock
GetDriveTypeA
HeapCreate
RaiseException
VirtualProtect
EnterCriticalSection

user32

GetClassNameA
IsIconic
GetActiveWindow
GetWindow
DrawTextA
ClipCursor
SetForegroundWindow
OemToCharA
ReleaseDC
GetWindowTextA
EndPaint
GetCursorPos
GetMenuItemInfoA
ShowWindow
GetFocus
GetParent
BeginPaint
ValidateRect
DrawEdge

ntdsapi

DsFreeNameResultA
DsGetSpnA
DsIsMangledDnA
DsCrackNamesA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 700KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ