163ec358b462909323950f3b6a3685e3_JaffaCakes118 | Triage

Sharing

General

Target

163ec358b462909323950f3b6a3685e3_JaffaCakes118
Size

62KB
MD5

163ec358b462909323950f3b6a3685e3
SHA1

238a2f43af2f17165d3eda6bbcf05a585ae03019
SHA256

a2288fdd18edf320d9c011659320cf8dca0a9bc656b579a2314f37da33bb1e2e
SHA512

0f2b9d1da69bd64cca69e49c845df568b76144fe3354964556dc75204a2f952560568dc3dc378e953171979195ea489afd40dfea0ba51ba83798745a291c6013
SSDEEP

1536:IN8uyPEHNC/hn5yVTQ3r8GUPoksapqVDLY417x8:ZuBC/hn5yaAGUPHqD5Rx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
163ec358b462909323950f3b6a3685e3_JaffaCakes118

Files

163ec358b462909323950f3b6a3685e3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

a56f115ee5ef2625bd949acaeec66b76

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA

Exports

Exports

CorBindToRuntimeEx
CorBindToRuntimeEx2
GetRequestedRuntimeInfo
GetRequestedRuntimeInfo2
IEE
IEE2
LoadLibraryShim
LoadLibraryShim2
LoadStringRC
LoadStringRC2

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 405B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ