edcfec04d359001fe05e4c926eef84d8_JaffaCakes118 | Triage

Sharing

General

Target

edcfec04d359001fe05e4c926eef84d8_JaffaCakes118
Size

442KB
MD5

edcfec04d359001fe05e4c926eef84d8
SHA1

10aff36567d25df6924adb595006a164b88d780b
SHA256

36a1bea948304d1993d6eae96a1e22bc6f6964d13083f74c2c5ddde67cc68875
SHA512

eeb9a84358e90b0bf9e81e2e2f60cb9dd77ed86b5bf5ce85604d400b40b6eef7be3330f30128dbd1cf920694f83eff8225166b2276c9611352b1fcf7deb1d31a
SSDEEP

6144:7Y4iqEUI07K8x6ZgdkZ3GVtG8gtUZl21R:0qEUZe8x5dhetUZg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
edcfec04d359001fe05e4c926eef84d8_JaffaCakes118

Files

edcfec04d359001fe05e4c926eef84d8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\RED\source\repos\WindowsFormsApp1\WindowsFormsApp1\obj\Debug\WindowsFormsApp1.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 316KB - Virtual size: 315KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ