2004d1c44a4e6930ba5313edad6369d9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2004d1c44a4e6930ba5313edad6369d9_JaffaCakes118
Size

76KB
MD5

2004d1c44a4e6930ba5313edad6369d9
SHA1

141429b9bbb0377198ab77516e9e47a6aadb2a18
SHA256

216b12a374f8b0327f552340cfa788764a96158ebf761a477cbed9ffe7ca5eed
SHA512

9b09cba3b50b9c365ac69270941df763ea44073df321124a3ae849ec6f1669e21a39bd86bcb51d33bb59ccb109d5c7502e2a61e54991bc707f5b81fc1294d4cb
SSDEEP

1536:6C7Yv3upKWpfqzF1v/wdCWkkAid4H/pXB1SnZi:6CO/SE1v/wgMAR1SnY

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MR_AHMED CRYPTER ALL SERVER v2.exe
unpack001/stub.exe

Files

2004d1c44a4e6930ba5313edad6369d9_JaffaCakes118
.rar
MR_AHMED CRYPTER ALL SERVER v2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stub.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ