20ded6724079e71b3e320e8800bfcc30_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

20ded6724079e71b3e320e8800bfcc30_JaffaCakes118
Size

15KB
MD5

20ded6724079e71b3e320e8800bfcc30
SHA1

38b064a7a3b17bfdcf833b14d9c9e8490d08d670
SHA256

ca20cadb5e144a10b00ed6217711d42577be8203d79fec187735534fb86ea580
SHA512

3a36905644968499f16e9225fc3350f21835dceac4d0a2065008ac9711c3d9bbee420cdcaaa015f1dc63da38da7826380d56ec060f2ee532c004b232d3e60765
SSDEEP

192:pHimgoyXOchBkkUZcL0aqlJc8QjPjaX9EMu4HLtG2INc4PyRgiemAiwKxCe27CK5:pHfkXOcs201s7jaXGMyQXjxCTZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20ded6724079e71b3e320e8800bfcc30_JaffaCakes118

Files

20ded6724079e71b3e320e8800bfcc30_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\Administrator\Desktop\New Folder\svchost\svchost\obj\x86\Release\svchost.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 155B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ