58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118 | Triage

Sharing

General

Target

58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118
Size

285KB
MD5

58dd0631dc5e070ce60ce4258586cbaa
SHA1

298550d1a1821ba320d926e0529445e669567feb
SHA256

cca94377ac2ba71a0fec12b73f0fbb83194db79e1be9e509b1d0e0e8f3db4fc2
SHA512

d0191ad963cb4af3944a71a187f61b3d719da4bc28f3b1575cee5590253e72f145f746bdb968d079ebced0d96da51f41f3dd9d23fe02b34eebbf2c6fe56283ef
SSDEEP

6144:/9SPfj7w2bhafQEPx96w3KK6cDwSL0JV:/9Snjd1Ev1L0

Score

7^/10

agilenet

Malware Config

Signatures

Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

sample agile_net

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118

Files

58dd0631dc5e070ce60ce4258586cbaa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Dr-West\Desktop\WindowsApplication1\Stub\obj\Debug\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ