324f64b872ce8e95b745a51fb7384aad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

324f64b872ce8e95b745a51fb7384aad_JaffaCakes118
Size

385KB
MD5

324f64b872ce8e95b745a51fb7384aad
SHA1

649d15e5a67dfbb391ae7724898cdfde9f95a363
SHA256

435c0e4476fc5ce32334077384c57c6fd8dc7b73d8cf5002cd0803ff33381586
SHA512

99168427781a8f2c5bb1b13bf5a25198378387d8c515864eb5eafb987a5799444d758e459cdc5bbac821a1967a38f148c477ddbfa25f204f58e83e6d8bb06f3f
SSDEEP

6144:/d2UKc8c42huiie70ftbHAamPncxIJyW1BFghYbBqVUNGuRkvLsZOQvpO3+B:cc42hvogn/vLznBzGUkvIXpm+B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
324f64b872ce8e95b745a51fb7384aad_JaffaCakes118

Files

324f64b872ce8e95b745a51fb7384aad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Documents and Settings\1337\Local Settings\Application Data\Temporary Projects\WindowsApplication1\obj\Debug\borlo.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 663KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ