01de6b549881d64c54eabc0c6ad656a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01de6b549881d64c54eabc0c6ad656a9_JaffaCakes118
Size

1.8MB
MD5

01de6b549881d64c54eabc0c6ad656a9
SHA1

19e828238e7c25ee0e59107e4af8b04e07e684ff
SHA256

0498c3a748951277ed7c599f44a7a106a68ecf7a33afa8843b77578e95fedd27
SHA512

4540ee96e46b95c53c8f434fc9652d9eb5927924c0f8811a880fa5b85cd959ff91f23805ca0f546155dd7cd44311950ce89e8e4ae1bcc7d1502053c39993e759
SSDEEP

3072:1H8dK6lMb3mDTNmY2z9XHvv08o2HOTEDzGNZc0XXqC8ymjoymjm:1ck6ylHHvA2HOTGzGbc0KC806

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01de6b549881d64c54eabc0c6ad656a9_JaffaCakes118

Files

01de6b549881d64c54eabc0c6ad656a9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RunAs
SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain
StartAs

Sections

CODE
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ