Behavioral task: behavioral1
Sample: 6fdaa8a1e834cef88caf3cebb3555f33_JaffaCakes118.dll
Resource: win7-20240705-en
General
Target: 6fdaa8a1e834cef88caf3cebb3555f33_JaffaCakes118
Size: 80KB
MD5: 6fdaa8a1e834cef88caf3cebb3555f33
SHA1: f0e0a6db615b138d1732eef20e1bdc22c7e5536d
SHA256: a7c318ce7ff2979653a753794a52dde9cd894f738d027ac7362afd20216f72af
SHA512: c8019cbfe53882689064415e6d0876174d48c24a643437b4d119ad1887f52191561d78cd352abf889358f4b240bc8182ec77240f68ecb0d337df660f56bdab40
SSDEEP: 768:hMFz18Cn+Im/aVtQeUMQ9adrra2Vru5dCnrcqbGfzHWxZ:I/m/2tFUMRdr+2VydCrhSfyxZ
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6fdaa8a1e834cef88caf3cebb3555f33_JaffaCakes118
Files
6fdaa8a1e834cef88caf3cebb3555f33_JaffaCakes118.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Sections
DiJ@0 Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DiJ@1 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DiJ@2 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE