415046ab947ed4e1095de0f85550f896_JaffaCakes118 | Triage

Sharing

General

Target

415046ab947ed4e1095de0f85550f896_JaffaCakes118
Size

918KB
MD5

415046ab947ed4e1095de0f85550f896
SHA1

899c0acb46429b4fa83dff31ba14d45e957d95d6
SHA256

4fe1460c7be22df71b504b06c1c4fe3673dae6673601640d56ea6d5b1bc188e9
SHA512

32ed02e9526d3e5a5710ee82224281b4ffb9b887c7e68b29263716c8ea13ac8de9114504dd9529e771957af61a0f7faee891650b1530eee5e0233c28237aabf7
SSDEEP

24576:L4j7iMd1gMraUsInWHaFwuzpF+Sd474mf4:L4PiU1JZfLOPf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
415046ab947ed4e1095de0f85550f896_JaffaCakes118

Files

415046ab947ed4e1095de0f85550f896_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\alom\AppData\Roaming\Microsoft\Windows\Templates\??j0????K????aB.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 689KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ