6586125500988e991aca9b5622bfe60c_JaffaCakes118 | Triage

Sharing

General

Target

6586125500988e991aca9b5622bfe60c_JaffaCakes118
Size

157KB
MD5

6586125500988e991aca9b5622bfe60c
SHA1

0f84483ef57e58a82cc7e78e3494466bfb27ece5
SHA256

efdd9aa3d6f915468605679366949e3f12d90e2dc38fabfeae0eb148eaeac415
SHA512

82e2faf36b4bd44e71348e0714d9e7e453d7393816b3737482655ab00580dba9a5cd6f633a148f3319f6b47dca33ce5fa5bd2718528b889254033a9c9ecde5b4
SSDEEP

1536:axSoB6lz68ygxWqv9tuKGBHZTl1G5DwJTQmam0exANIutrvZG5DwJTQmam0exANp:axxOOZHG5EJT7f0VOOZG5EJT7f0VOOH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6586125500988e991aca9b5622bfe60c_JaffaCakes118

Files

6586125500988e991aca9b5622bfe60c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Luna\Documents\Visual Studio 2015\Projects\CrazywinksDLLinjectionTutorial\CrazywinksDLLinjectionTutorial\obj\x86\Debug\Mercede$$quad.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ