2900ebdc6509c31143d2e906c8564641_JaffaCakes118 | Triage

Sharing

General

Target

2900ebdc6509c31143d2e906c8564641_JaffaCakes118
Size

447KB
MD5

2900ebdc6509c31143d2e906c8564641
SHA1

11d835fd29ec292f1458af5092bc9af9c79afe01
SHA256

9ebd86e1e9ee094853f72c3b69e3b45f06b57beac8ff4a222e0e32efd1e26cce
SHA512

5ba0611f9f393c43a1c0b59c6262c686944e16eb3b6f75316ae575d5a17ebefa6993f95da988e72fa0703ecdedfa22f0d0d3bcdb8810db6fb5e87d9d306f493e
SSDEEP

12288:z52k/5CJKfPZxKJpSEIP13toJrq0W55T6:drcOPuHd6puJ+P55W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2900ebdc6509c31143d2e906c8564641_JaffaCakes118

Files

2900ebdc6509c31143d2e906c8564641_JaffaCakes118
.exe windows:4 windows x86 arch:x86

11abed14c635dc8ada7f52727c85e422

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
HeapCreate
GetACP
LoadLibraryExA
VirtualProtect
GlobalFree
GetDriveTypeA
GetStdHandle
CloseHandle
RaiseException
EnterCriticalSection
Sleep
GetLastError
SetConsoleOutputCP
LockResource
GlobalUnlock
GlobalDeleteAtom
FileTimeToLocalFileTime
GlobalAddAtomA
SetErrorMode
InterlockedExchange

user32

GetActiveWindow
BeginPaint
ReleaseDC
GetWindowTextA
GetParent
ValidateRect
ClipCursor
GetMenuItemInfoA
EndPaint
DrawEdge
GetClassNameA
ShowWindow
OemToCharA
GetWindow
DrawTextA
GetFocus
IsIconic
GetCursorPos
SetForegroundWindow

ntdsapi

DsCrackNamesA
DsFreeNameResultA
DsIsMangledDnA
DsGetSpnA
DsBindA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ