3f87938412145c603c800e4bc39bd2f7_JaffaCakes118 | Triage

Sharing

General

Target

3f87938412145c603c800e4bc39bd2f7_JaffaCakes118
Size

1.4MB
MD5

3f87938412145c603c800e4bc39bd2f7
SHA1

c1b44a4e3d5d51165ec4307a53fd3871ca84d027
SHA256

f41bedae4a2cc28de89206c24da2cefd255d66816f3ecba23a8377a76f59e15d
SHA512

87bd22ca89894ed9c8bbf11ec15ed99f6064b30d674dba9aea6645b64ac6e93f1ed9e1fb941f3cf39e2899942e1007574a512fc4f9bd705702bf971bb948dfe9
SSDEEP

24576:ZEaF7JHxzNhgGtiF7CT4GXaFvJxpp9hwiLyF7ChRL6:ZEe7JHxNBY2TlevJxr9HI2hRL6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Halkbank.exe

Files

3f87938412145c603c800e4bc39bd2f7_JaffaCakes118
.zip
Halkbank.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ