699afde8dda577567e7578b126f9def1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

699afde8dda577567e7578b126f9def1_JaffaCakes118
Size

3.4MB
MD5

699afde8dda577567e7578b126f9def1
SHA1

5b9475234e90e43fbe682304f8f34d0eb4595abf
SHA256

973e9150d0436d614db4a11d63feeaae6d988039df7d6f4f63508f6ad09484f0
SHA512

9fc42f1740313e785dbe2720c5425780fd43ada8386d70902bc401234c990107f02e9cf416d491a402377c060c4b3dcbb566ebf964ca64b4d25523549766292d
SSDEEP

49152:0dcqG/VD0vs94PgAWcL6lbw0x8UrSNtAhbOkxIXr3J:

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
699afde8dda577567e7578b126f9def1_JaffaCakes118

Files

699afde8dda577567e7578b126f9def1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\xnostra\AppData\Roaming\Microsoft\Windows\Templates\æª0iPÄDù.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ