fb569843971e60c3dd683ab3c7e9d066_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb569843971e60c3dd683ab3c7e9d066_JaffaCakes118
Size

29KB
MD5

fb569843971e60c3dd683ab3c7e9d066
SHA1

dc76996a0570b4dc7e2d7170771740a67f61be5b
SHA256

3f764ea7747de1a559a0510990d98e094f812ca8ee290d6146a755e01f74107a
SHA512

809f85040375d1681447f2edc4cbbc12b063bda0b480eb229bdc95bd547b29d607e540be50660eddb2218c3c51eedea4af18982f4996e75bdf0ca7a16c8fb796
SSDEEP

384:naPQNeelH1NCtCweFIXTwqRVSZZqEHDW68ZwR9hohbkJlLNjDx:nag3jQUEVIHDpT9tfXx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fb569843971e60c3dd683ab3c7e9d066_JaffaCakes118

Files

fb569843971e60c3dd683ab3c7e9d066_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Programs & Current Work\MeThBot - Process Inject Test Subject\obj\x86\Release\SmokeBoats.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ