snakekeylogger | JaffaCakes118_bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675

General

Target

JaffaCakes118_bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675
Size

45KB
MD5

e619bf43bb7e37fffcb9e1703cc07239
SHA1

517cc95ec79740224e89c3e801d2b53ad43c0f24
SHA256

bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675
SHA512

d574e6cccdc3e248a60d3609b560470f6820209d62568e29d21a17d8fd0e55cc9d1e3a4271b66431f01bf669871c469abf63aca6b0b303d4203480b3c14d56e1
SSDEEP

768:b1H9TT4JS7mby2fgJIvPSAz/zIAHQktHf/1oBPf2UqUobAgc2HRwCM2REHdZ3+mU:xdTGbYRAnIAHQ2Hf9oBf2ZbAcHGCM2ew

Score

10^/10

snakekeylogger

Family

snakekeylogger

Credentials

Snake Keylogger payload 1 IoCs

resource	yara_rule
static1/unpack001/2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f.exe	family_snakekeylogger

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f.exe

JaffaCakes118_bed4a226f15973889e2b2d7b22139ae7da36ca8cf294ee6dadcf5fa745718675
.zip

Password: infected
2dba858531f202616c3902f48afb710ec67dc2c53a6747c5073e44ac4582178f.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ