13b4eb0e5b5693581dd05f6a5edcb17a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

13b4eb0e5b5693581dd05f6a5edcb17a_JaffaCakes118
Size

144KB
MD5

13b4eb0e5b5693581dd05f6a5edcb17a
SHA1

a50b5082968246c7c2efa04baa0ca6a1ccb7cdb9
SHA256

79cbbf91fa8334bce3fbaa70db0aca9ade574c06a8fdda7d74c1bd4145dd2cb1
SHA512

72339fcda54a7085494b40aaad2ce95c8a130bc323229a9f55dd8893e9dca949d17242201693b627bf6a29a4a8b59ef81ce4424e938e9f694e1e563e15f11528
SSDEEP

768:drdX8Y4weYMct/OivFU7Rg1cyuKZKUVFhAToZcSS7DpjpfKoqtziSvkQ35H72WxL:dr6p0McNOKaWsgRh/cSuNS9ii/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13b4eb0e5b5693581dd05f6a5edcb17a_JaffaCakes118

Files

13b4eb0e5b5693581dd05f6a5edcb17a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c084581af25b8358bf51411745aaa67e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

postsharp.compiler.hosting.native.x86

??1CClr40@@UAE@XZ

shell32

CommandLineToArgvW

Exports

Exports

??0CClrAdapter@@QAE@ABV0@@Z
??4CClrAdapter@@QAEAAV0@ABV0@@Z
??_7CClrAdapter@@6B@

Sections

.MPRESS1
Size: 33KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE