Extracted

• • Target

    9ef4e2013dd741e33d122fa52e5e000e_JaffaCakes118

  • Size

    116KB

  • MD5

    9ef4e2013dd741e33d122fa52e5e000e

  • SHA1

    136e52ae787a975f0bd5960848fb4850fc91b77d

  • SHA256

    18ba1702f630dcc4338ebca9353a0568517e34cb910a9fdaced98efd3933e2e5

  • SHA512

    f0af679b12d8c432bdf642a34e558ca26df7b51958b31908fcc76a62221b534370d1bb4392079dd335739067991c1abb0e409f20e6bd6cfbe057bbc20e30c46d

  • SSDEEP

    3072:oj4322JYYmDO53jEubLiLBwLPlUBEqW3wF/vA0n:o0GGYdDO91iwzl5HwFvA0

  Score

  10^/10

  smokeloadersa2backdoorpersistencetrojan

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Core1 .NET packer

    Detects packer/loader used by .NET malware.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2