jupyter | JaffaCakes118_6a43c1947b188df41162c2e4febd2d18b6a5a5b249404449317699fae9587162

General

Target

JaffaCakes118_6a43c1947b188df41162c2e4febd2d18b6a5a5b249404449317699fae9587162
Size

41KB
MD5

48e8437f686a4f9464f6e2c9490ff37b
SHA1

46300b9bea8ec12eaecd050fb54afbf19734b24c
SHA256

6a43c1947b188df41162c2e4febd2d18b6a5a5b249404449317699fae9587162
SHA512

e4715e5993f41a19bb0d1032115b257f975d01be9524d2c85fa2d43e73f5000f8f9e9b37b0f5f3c82184657c8192fef6e132f6adea67cec320b5fec3b03e6a96
SSDEEP

768:zVuApCstVFZ4QPkeL1Ad4Do3ndERNUX/lo7ITtHTA3WZNYOKsYMGH3rrTVbnPFMo:z8YMQcAOdERCX/l7LNZKsYvVPCADdL

Score

10^/10

jupyter

Jupyter Backdoor/Client payload 1 IoCs

resource	yara_rule
static1/unpack001/3147cd2ee6938d50d2cdc7e157ad1125de2229bb35454cbde502746d6a36154d	family_jupyter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3147cd2ee6938d50d2cdc7e157ad1125de2229bb35454cbde502746d6a36154d

JaffaCakes118_6a43c1947b188df41162c2e4febd2d18b6a5a5b249404449317699fae9587162
.zip

Password: infected
3147cd2ee6938d50d2cdc7e157ad1125de2229bb35454cbde502746d6a36154d
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 136KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ