run
Behavioral task
behavioral1
Sample
b00fb103f7b569835247d0d1b480787f_JaffaCakes118.dll
Resource
win7-20240708-en
General
-
Target
b00fb103f7b569835247d0d1b480787f_JaffaCakes118
-
Size
80KB
-
MD5
b00fb103f7b569835247d0d1b480787f
-
SHA1
4659835205ef20ba48c8c11ab584b6e2e09b993e
-
SHA256
2f6a4a41dd8ed413ac04d2fd15188295cc7d139948fda80a0df98ea762f7960a
-
SHA512
063004cf389291e19b6d3338a01eb7d0010ff1fa7100dfeda64c6ed4d45c26fc9ca1e618b99acfd2e786e49034000dbcad7b2aaa6fa1b6737abcf41acda8dd7a
-
SSDEEP
768:odoF/PjJaIm//39QqUHBNadrna2edb9HmZELLsdbIWRWeFWxZ:zDm/P9xUH6dra2edb9G4iSxZ
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b00fb103f7b569835247d0d1b480787f_JaffaCakes118
Files
-
b00fb103f7b569835247d0d1b480787f_JaffaCakes118.dll windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Exports
Exports
Sections
|G*0 Size: 52KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|G*1 Size: 16KB - Virtual size: 16KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
|G*2 Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE