16bbb78da919bbb7575e100876e5b408_JaffaCakes118 | Triage

Sharing

General

Target

16bbb78da919bbb7575e100876e5b408_JaffaCakes118
Size

214KB
MD5

16bbb78da919bbb7575e100876e5b408
SHA1

0467b5b072e6d2986bf5ba348d0290b87ef16a32
SHA256

d3bfdc37ccf4bdd951d23e73cb0af58bd02c1e195c2f553cdd8de621cd9e480b
SHA512

e33aaf7ae57eabe7980903f03ab690c7e66a6e6c5d7a2886d11da0f98644be606b0d8e4daf48e087ad43d19590d6cc4b33a23b7b9baf8d16c23cac056ca9b2c0
SSDEEP

3072:AnF0UpPHzspDDlYI/mniL+YorFoqNDlEn48gg7b21daiy1NAss5lZCXMKcYQpTtB:RyEX+YorHhlE9g827aiCNGdZkc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16bbb78da919bbb7575e100876e5b408_JaffaCakes118

Files

16bbb78da919bbb7575e100876e5b408_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Surse\N0$crypter\svchost\svchost\obj\Release\svcchost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 113B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ