4011c2af1b474bf13dccf95d5d18d44d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4011c2af1b474bf13dccf95d5d18d44d_JaffaCakes118
Size

1.8MB
MD5

4011c2af1b474bf13dccf95d5d18d44d
SHA1

0d73fabb79b44857790af1f9621f2a7a6bca2451
SHA256

b3f0bfac1ec74b37f431fd7c8f8026bdbfe2874ea62fa4968d2cd68cd74e5c69
SHA512

0346b55f8365c34cf0be727a21562a6acc20d64be487b021ebd48c1bd0fd88500f3e56089d910bdea467dfa1f16996378dd0705f80dda078bf68465dc9e731db
SSDEEP

3072:Oc8d7JiFHPiQzTYWT9eodH4MiEzhl5pa9LLBSMH3HKRucQXlHbjfbj:ApwxuoOMTlm9LL1H3HBcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4011c2af1b474bf13dccf95d5d18d44d_JaffaCakes118

Files

4011c2af1b474bf13dccf95d5d18d44d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RunAs
SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain
StartAs

Sections

CODE
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ