quasar | 5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118 | Triage

Sharing

General

Target

5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118
Size

352KB
MD5

5e5cb9a1be725bbcfef55f98502d874d
SHA1

543febff0e53c7f5badb97bd0ab9509530eca434
SHA256

f218439bafeb99c3225c252bb9e290a583d674de0890674f7e950376b41fa71e
SHA512

0f5f8b0f27f2833a082d01d705427b7eabe57aa85f720494c37f3284ffe5289f45deb7dc1c26f1c504a721233044af211653fae062e529c773347ac141457283
SSDEEP

6144:um2w+hJKnBOPPeWKYHI/D08bZujC0DF6D2+hB:HaJiOJK5/SjCa6D2+f

Score

10^/10

quasar

Malware Config

Signatures

Quasar family
quasar
Quasar payload 1 IoCs

Processes:

resource yara_rule

sample family_quasar

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118

Files

5e5cb9a1be725bbcfef55f98502d874d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 349KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ