16c7c185724c9677c80c5455ad43ffb5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16c7c185724c9677c80c5455ad43ffb5_JaffaCakes118
Size

637KB
MD5

16c7c185724c9677c80c5455ad43ffb5
SHA1

8ff3f8dd35a6fdc406065c45595a01fd82f63bd1
SHA256

20a4702e3ef4d46f62db52d9b98244ee356967d332c4978ba653fc5cb68ee82f
SHA512

c7314033a8b5ef8de3b56eae44c80e726bfc02f507b1cd6820d853594218fbb57b2df95b72041b66afb1abae44fe3046d6502a915ce759f876a7f164eb40ee13
SSDEEP

12288:YZEC6ck6meo8EUk1Bdz0m5Yf5mYs//izhm2TTjIkYq1rEiTp5beOrDlAwebYz4XO:ZdUkXwhJV14i7P4moQTV5n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c7c185724c9677c80c5455ad43ffb5_JaffaCakes118

Files

16c7c185724c9677c80c5455ad43ffb5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Alin\AppData\Roaming\Microsoft\Windows\Templates\Xb????7??????6.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 613KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ