0c801b1e4923bd26195babd063716ec2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0c801b1e4923bd26195babd063716ec2_JaffaCakes118
Size

148KB
MD5

0c801b1e4923bd26195babd063716ec2
SHA1

bdc151e7197c9832f411d3c12004fe6439718882
SHA256

1ae6912bbb0e14cc0122ab7087f297644ec36691c5a6dbd2f4511c2fdddf816e
SHA512

32fe2d9e8125b89396a9ec6804f4050fda44d3978094cd01ee533808ac2daf6b76c83ddee0898bbf2790ecfafe06453bd83bd29f95311a97a1178e1ccd9d63d6
SSDEEP

3072:v6L0C44XKtn4gHYZ1ol+TNtQWul7w5RiR4Z:vI7ol8tK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c801b1e4923bd26195babd063716ec2_JaffaCakes118

Files

0c801b1e4923bd26195babd063716ec2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\portla2008\13670d27\2421a326\App_Web_sen-rs9c.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ