54f7e16ef4c17367bfdb6634a7a56d09_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54f7e16ef4c17367bfdb6634a7a56d09_JaffaCakes118
Size

72KB
MD5

54f7e16ef4c17367bfdb6634a7a56d09
SHA1

b4cdd0781103cba10d003f7fec64fa2c6fe52a94
SHA256

d46fe408d37c4307aeef6f3bb7ec5570c0dd5f95ea580f68bd084bff1f4b1961
SHA512

57366b682cbc0df9e5eaf2cb23b70d4c25079094caf7704d1fa8f0d44fc95ef43757e40f628c7c12d478624d24bae38fbed8b259f2e581b8476392debfb57d75
SSDEEP

768:dolYNkgO4mVRvTChNiW7KINjCHfx+UL2bHv+NRyH7dIamz1+dSMrOonLZpTmUj4y:OgO4jtJQf9ymNZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
54f7e16ef4c17367bfdb6634a7a56d09_JaffaCakes118

Files

54f7e16ef4c17367bfdb6634a7a56d09_JaffaCakes118
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\bocsafetydevphase3\776a25a2\23d4aba8\App_Web_lugn6mpw.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ