85d520f825bfc4b9bd13c64cf890c492_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

85d520f825bfc4b9bd13c64cf890c492_JaffaCakes118
Size

211KB
MD5

85d520f825bfc4b9bd13c64cf890c492
SHA1

ae1646865c629fbc4a39e5381c2ccad95b31ceb5
SHA256

c96826b9babb94dcdc80da8954b20bd83986c9ba5f7062b1f34dd166e99aab61
SHA512

f7d97827c46671486737aaa0f870afcd0a927eb8f989d0da4731943a27496799b85227925e7c6b976d3169cd15577bf74a4e9501d79f41d2ad660dab5f66b13f
SSDEEP

3072:rzmG/wTjxdJ0kZCG3oTZq2eeoS7yBGlhYdM0fpRaZ3G5nzYzjqxAWPdKxO0Q3/f9:rq641/TBeZNzyCh+NnQj2db0QPf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85d520f825bfc4b9bd13c64cf890c492_JaffaCakes118

Files

85d520f825bfc4b9bd13c64cf890c492_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Adrian1980\Documents\Visual Studio 2008\Projects\e.m.p.t.y\e.m.p.t.y\obj\Release\tvEybmp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 821KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ