ea110a7ea46995c9de4fc6b01b30b5c0_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ea110a7ea46995c9de4fc6b01b30b5c0_JaffaCakes118
Size

37KB
MD5

ea110a7ea46995c9de4fc6b01b30b5c0
SHA1

801559721aa6a0ca8c6b2cf1030d8238c0fde43b
SHA256

c426544097f20f4cff0df33292d08d9c7d6e6ae4b0b5b1d9695913033baf8d8b
SHA512

ae687b39d723f84e51587b36fc25b9c3903460f5d13d6debd1bd7967a57fcac98e741730887dfc3c847e8e63a2870be56dc9c2da4c417f6b9b80b5b5097c20cf
SSDEEP

768:ILhYkprGkej4ZPxzxmjMB5toC4D5A1lMmOMFRMCGb1FrX2:ILhYGrGkeYz8K5fCA1imOKGzX2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea110a7ea46995c9de4fc6b01b30b5c0_JaffaCakes118

Files

ea110a7ea46995c9de4fc6b01b30b5c0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

WlLogonEvent
WlStartShellEvent
WlStartupEvent

Sections

CODE
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ