954eedb13bc4582006592ca56178762b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

954eedb13bc4582006592ca56178762b_JaffaCakes118
Size

441KB
MD5

954eedb13bc4582006592ca56178762b
SHA1

06d70f699f226720a39d7d5b741fb0574237537d
SHA256

5cf316a6822148363277cf442ccc5c215b2bbec8064c2665e41376e5bc04cc04
SHA512

b7b60175c30e30cd5a04dc916298845e6c2507384265fe09cde40fdbcd1bb326906065b9072348d2c2884e7e190f3a436bbd385059c116812daabbd570a33d82
SSDEEP

6144:+wfRyCW7yvdCeCN8wBrBxZaJHHQHHHeYATQQQQQQQy0CFtz:+SQCW7yvdKN8wBrBxZ+YAt0CF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
954eedb13bc4582006592ca56178762b_JaffaCakes118

Files

954eedb13bc4582006592ca56178762b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\PC\Desktop\Copy vi\Windows License Manager Service\Windows License Manager Service\obj\Debug\Telegram.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ