314068c513965b3dc656d2417b51f421_JaffaCakes118 | Triage

Sharing

General

Target

314068c513965b3dc656d2417b51f421_JaffaCakes118
Size

137KB
MD5

314068c513965b3dc656d2417b51f421
SHA1

67e0470079cb5c27e470f0bd3e9919547e693844
SHA256

1c190c8b0590f3dd8a09ad97ee04f1f8367b92c3215e77cd064843cad71336a4
SHA512

41b7b8749911a717bdcfbe39e8c1b7fdd92d97847c588667bcb8ba79374720203ae09573c570559fd4f313d5171c41a4c0b70e1a86da7a22eb9a4b52dc13c593
SSDEEP

3072:QRkWFvbB7dDevS/L+ac3qPSYdNv/1VT7lA5QV3HBUnx9K:QLFvdpD+ac3qPPv/1nA83BUS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bypass-cmstp-njrat--master/cmstp bypass v 1.0 3xploit.exe

Files

314068c513965b3dc656d2417b51f421_JaffaCakes118
.zip
bypass-cmstp-njrat--master/README.md
bypass-cmstp-njrat--master/Screenshot_1.png
.png
bypass-cmstp-njrat--master/cmstp bypass v 1.0 3xploit.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cmstp bypass v 1.0 3xploit.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ