5651d33bfd748b4a1a084a60b9b673a6_JaffaCakes118 | Triage

Sharing

General

Target

5651d33bfd748b4a1a084a60b9b673a6_JaffaCakes118
Size

289KB
MD5

5651d33bfd748b4a1a084a60b9b673a6
SHA1

19378ec1c5ced0d3790f9ae646afb96225552730
SHA256

aad72f6a4ebe08cdc193e3bdd3bb92e72ddeeea82902fb100efaf688bf99be78
SHA512

f65b18f947e4e7b3c437bfad72daec63ad43c461e9eb67befb2b33c85b63607b535afa6f78779b7c0ec94be39806f6407e3722df590707deedc86af76efeb79b
SSDEEP

6144:E/DHUU1LaqMRHQECf0iDTNGuxL6+a9+dsDnhp4vq/N0pbeQ:EIua3HkXTNGiLBSnhpaq1a9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5651d33bfd748b4a1a084a60b9b673a6_JaffaCakes118

Files

5651d33bfd748b4a1a084a60b9b673a6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

19c7de679cbc7604e7a65d7508c97028

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetACP
InterlockedExchange
LoadLibraryExA
SetErrorMode
HeapCreate
GetLastError
GlobalAddAtomA
EnterCriticalSection
SetConsoleOutputCP
RaiseException
GlobalFree
VirtualProtect
LockResource
GetLocaleInfoA
Sleep
CloseHandle
FileTimeToLocalFileTime
GetDriveTypeA
GlobalDeleteAtom
GlobalUnlock
GetStdHandle

user32

IsIconic
SetForegroundWindow
GetWindowTextA
EndPaint
DrawTextA
DrawEdge
GetParent
ClipCursor
GetClassNameA
GetMenuItemInfoA
GetActiveWindow
GetWindow
OemToCharBuffA
ReleaseDC
BeginPaint
ValidateRect
ShowWindow
GetCursorPos
GetFocus

ntdsapi

DsIsMangledDnA
DsCrackNamesA
DsGetSpnA
DsBindA
DsFreeNameResultA

netapi32

DsRoleCancel

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 968KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ