0f50e6c7ab5576b56215bc5e1edfb122_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f50e6c7ab5576b56215bc5e1edfb122_JaffaCakes118
Size

20KB
MD5

0f50e6c7ab5576b56215bc5e1edfb122
SHA1

58a7a70477f2b5ebac9b30a5eb7aa03bc3ec5e9e
SHA256

491db67bf45346f6cda17ee99ef00ef4d1306b1c02cad569eeffeac7230a6ec4
SHA512

2efecef4e9e70c40f420acc55be0501f9dc63b8ce7dd147d9437f8515684466873121dfa984497ec2c0018656e84ad8cc10683b8d9c32c960a4d6836d86db803
SSDEEP

192:ojBIL/F8laMIqLdlFv94Xx+dfRQzBqdb3evP/TUt3BdbSfQuK:o8/4nLdlFvs+dJ+Bqe/TmTS4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f50e6c7ab5576b56215bc5e1edfb122_JaffaCakes118

Files

0f50e6c7ab5576b56215bc5e1edfb122_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\snapshots\cc.net\mars_rfld_release_production\CT_SW_Foundation\System\PortalClientLauncher\PortalClientLauncher\obj\x86\Release\PortalClientLauncher.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ