daa09199bca81f9634b80b505df8d656_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

daa09199bca81f9634b80b505df8d656_JaffaCakes118
Size

846KB
MD5

daa09199bca81f9634b80b505df8d656
SHA1

d587a6bc3a9a61f450786afe923462fc6d9a3f45
SHA256

f1773a819e15df4fd4d07c45830005b002483bb4de40e664aff19155307e089f
SHA512

e3c84c2c75126008c3c36ce1b37488a596da836e13190a2b836833849eec729ed987ad19ff583b7190b77ce8e854fd2c0f449b3cf115540f287157344141472b
SSDEEP

12288:eQ8J0PVFzY2M7CWkBFxoC2QZQYTWEZfNuHsNayDowj69kyNoilkqnuEO:edeA2M7CWyn2H+3Iwj69kEnk+uE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daa09199bca81f9634b80b505df8d656_JaffaCakes118

Files

daa09199bca81f9634b80b505df8d656_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

himik
topladialpwd
topladownpwd
toplaexpwd
toplaftppwd
toplaimpwd
toplamailpwd
toplaotpwd

Sections

CODE
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 7KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 221B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ