529476e48b0405c4c2c9051ea71ceed4_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

529476e48b0405c4c2c9051ea71ceed4_JaffaCakes118
Size

1.6MB
MD5

529476e48b0405c4c2c9051ea71ceed4
SHA1

4df452588dec3c35fc4c6da4f8e414add8e02e43
SHA256

3beaf3375b8f5a721eba1a6b53c1a18ff06192f1b58340a91973ba90b992d45d
SHA512

7c6e349cb89bbc401cbb32c5bf24a6c17be18b0aedac86fecd8da3bcdae6b6cb43ea440516723d53bdc511b4d855758f39211bec966adda6f40fab9c4ad41bee
SSDEEP

3072:1H8dK6lMb3mDTNmY2z9XHvv08o2HOTEDzGNZc0XXqC8ymjoymjm:1ck6ylHHvA2HOTGzGbc0KC806

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
529476e48b0405c4c2c9051ea71ceed4_JaffaCakes118

Files

529476e48b0405c4c2c9051ea71ceed4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

RunAs
SensNotifyNetconEvent
SensNotifyRasEvent
SensNotifyWinlogonEvent
ServiceMain
StartAs

Sections

CODE
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ