405b8bf9faf7792fbe3537894f9024a1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

405b8bf9faf7792fbe3537894f9024a1_JaffaCakes118
Size

1.8MB
MD5

405b8bf9faf7792fbe3537894f9024a1
SHA1

bfab9d069a07583b73a3a2060ea1abe28ad9b50e
SHA256

f5b10e17e8337fb176c5ac22c711296baf7d9accdf032107b43e5a0cc2878e94
SHA512

811c29f16bd7cca7e29c992c7393fda77abb2bb46e7aadfe6067f74f3538a747cf3360c62d771a17ae86d27fc6a1d4f054522e7d197711c1f7fa8c31ce937fe3
SSDEEP

3072:Oc8d7JiFHPiQzTYWT9eodH4MiEzhl5pa9LLBSMH3HKRucQXlHbjcbj:ApwxuoOMTlm9LL1H3HBcs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
405b8bf9faf7792fbe3537894f9024a1_JaffaCakes118

Files

405b8bf9faf7792fbe3537894f9024a1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RunAs
SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain
StartAs

Sections

CODE
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ