2b006127742f12eac707f13f46852a48_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2b006127742f12eac707f13f46852a48_JaffaCakes118
Size

1.2MB
MD5

2b006127742f12eac707f13f46852a48
SHA1

7f6e9176ea1f79a5f3fa28d5f91d1987cad5186e
SHA256

0a0d27e3af474c44eb6a48f78d5e1900fd024cb53fd62d749e62ee35ad99d0f7
SHA512

cef563e63ebc05f7f183f66d7c2713b3222095f1713679fdc42cd143407a531113dc388a755e398fb4a3a892caf65da76891cb322d61ad5db5367a8c63c1ad7e
SSDEEP

12288:qhL6pK6dJbyWDcYmddP0CZycWdBa0tFrMcVNQ68x8ItoDMLZcyD+drkjC05nBZSz:FlGLz8BddFIcVL07ZcyL15BZR720I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b006127742f12eac707f13f46852a48_JaffaCakes118

Files

2b006127742f12eac707f13f46852a48_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\AymenTLILI\source\repos\WindowsFormsApp2\WindowsFormsApp2\obj\Release\PlanHarly.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1014KB - Virtual size: 1014KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ