Static task
static1
Behavioral task
behavioral1
Sample
6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118.exe
Resource
win7-20231129-en
General
Target
6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118
Size
321KB
MD5
6f6df11c0814860cc5a4fe7a9db87cc9
SHA1
539bbcc5ec63af4255a65e20ffb1352338cf41d2
SHA256
304a2a17f482efca5e8a9e59b7e17f0f7cbd3bce77680f72ef079a81eadab70c
SHA512
82bf7779e05bd6a734e51747f8fa8f879853c9869f88ecc0f7bf6bf13aeacdd47e7c506b9dde688c955c1f688f2889f8a8c92d263fcb411ec8663a43fe6ce31c
SSDEEP
6144:Fy9xbRMPI1qIELTUbTvfjstzx6UqUxaUWEN:Fwi
Malware Config
Signatures
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
Processes:
resource: sample, yara_rule: disable_win_def
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118
Files
6f6df11c0814860cc5a4fe7a9db87cc9_JaffaCakes118.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 292KB - Virtual size: 291KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ