397e0fd74d30f935063938516d34fb4f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

397e0fd74d30f935063938516d34fb4f_JaffaCakes118
Size

668KB
MD5

397e0fd74d30f935063938516d34fb4f
SHA1

be99552da3de730dfeec0bc056d2d2ecec0c4885
SHA256

c5839f829723a5c186cec0678d64f99ce491f3d11114e0bd77541f08b629cd51
SHA512

0a016613959e8ac24632d358e50896aee3c294bc325293d011e674e8242436e4eec110faf83f4a9d119124bde4d445380f2a1af8700fd08bb710c9ccbb533fd4
SSDEEP

12288:e4D9Tr5n3sL6oh1uZi4mziVnRHeoJ1ybFt7kzWstdDDZxnR65/zThvO4/PBvT9U8:e4D9TJ0j1uZ+1oJIbrB8pxnR65rTY4HN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397e0fd74d30f935063938516d34fb4f_JaffaCakes118

Files

397e0fd74d30f935063938516d34fb4f_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InitSecurityInterfaceW
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApInitializePackage
LsaApLogonTerminated
LsaApLogonUser
LsaApLogonUserEx
SpInitialize
c
f
o
s

Sections

.text
Size: 404KB - Virtual size: 404KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ