fcdda33e08b3e566fcc5ad96141e50ba_JaffaCakes118 | Triage

Sharing

General

Target

fcdda33e08b3e566fcc5ad96141e50ba_JaffaCakes118
Size

257KB
MD5

fcdda33e08b3e566fcc5ad96141e50ba
SHA1

7d8f672ca620dc3864277850d81e06bb4304134f
SHA256

23973e5490456b68fd8debb90985f7f9e14d079b7744b92208c5560036f985dd
SHA512

11a8a9e22a89e4c3a9b2d36f0045802568db8b4ebd329817a1d34103cce7a9a605d87961b9fb152b1cf94ab4a7ff6b118e54495aa82845de6f8e89c60ac9c91f
SSDEEP

6144:m7FD2L8zEa4w/TBJcQMeMbzEa4w/TBJaFDkFDk+:cFD2LBJw/TEYJw/TqFDkFDB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcdda33e08b3e566fcc5ad96141e50ba_JaffaCakes118

Files

fcdda33e08b3e566fcc5ad96141e50ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Tsunamo\Documents\Visual Studio 2013\Projects\ELoader\ELoader\obj\Debug\VxnvdmKksYYvjct.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ