09c6070e083cc7190322664663a29b18_JaffaCakes118 | Triage

Sharing

General

Target

09c6070e083cc7190322664663a29b18_JaffaCakes118
Size

3.2MB
MD5

09c6070e083cc7190322664663a29b18
SHA1

b28177e8c4b96d34c354698ee3b854c2ee427a40
SHA256

46b4610199d8f5d31ce5033091e88d4d4d34810cdabade5b42c7a364eda7cbfa
SHA512

cc7908b74ed06fbdd848110b574b9b39b1c11579dab189556f3305904b6a877cabc6cf2a04dec7a462fb91d30def3534efc88cfa49b7970b2441843921d28e4e
SSDEEP

3072:Oc8d7JiFHPiQzTYWT9eodH4MiEzhl5pa9LLBSMH3HKRucQXlHbj:ApwxuoOMTlm9LL1H3HBcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09c6070e083cc7190322664663a29b18_JaffaCakes118

Files

09c6070e083cc7190322664663a29b18_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RunAs
SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain
StartAs

Sections

CODE
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ