fbba4863baa357bdf7af25f546080345_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fbba4863baa357bdf7af25f546080345_JaffaCakes118
Size

30KB
MD5

fbba4863baa357bdf7af25f546080345
SHA1

50b09d1754ec4a5f0fe315558571279eb6b5d253
SHA256

542c2acd982c27703c1db73d280b9061a516d9b9a68acbf8f80a367e52c15035
SHA512

1929aa667eeab657149bdb3ddee79c18b3af3b9d2a375719d1bc2abe400548e0ff41264cb0f07ba5fe2f2cdafdd2f6bbafcbc297e988aee16c0e9f7074d72817
SSDEEP

384:xiyWqn3LukRC6fPquL4BiSRVf2yW+kTGJdguHo/B+87d:xzL7ukRl1SRB2yW+GQdgio/B+87d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbba4863baa357bdf7af25f546080345_JaffaCakes118

Files

fbba4863baa357bdf7af25f546080345_JaffaCakes118
.exe .ps1 windows:4 windows x86 arch:x86 polyglot

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\10\AppData\Local\Temp\f2923997c7be4704b0816163b1f64e1f\obj\Debug\net462\d.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ