385dd9d9a554ec4fe4607ec9032d67f1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

385dd9d9a554ec4fe4607ec9032d67f1_JaffaCakes118
Size

12KB
MD5

385dd9d9a554ec4fe4607ec9032d67f1
SHA1

2b41a8c9a9eeacf7f7798182718420a8f65e3ec8
SHA256

2651f4606b1b540b7ef5f31062b54aa8f33686c7a5215d9e29f4f3a8871c3a9d
SHA512

51f42e028a3b23490cc0e7a39ae49652b478ed2b8dc5a4a4025e5644873c44c376e013584631257d77232ef660064c8cc8cf079e1cf58a819f376db5083115e7
SSDEEP

192:8Neaa9a7EqZcDR8aM4YH6/0PGU8ZQUC3vQ/w6felFC7nx0PPz03M5IghLMXrNjR:+4ouQ1/q/elY7nx+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
385dd9d9a554ec4fe4607ec9032d67f1_JaffaCakes118

Files

385dd9d9a554ec4fe4607ec9032d67f1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\palacehotelguestportal\3806cbbc\6feb4d5d\App_Web_d5xtt2mf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ