c75a088d928c02ef395a8bdc45ad0581_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c75a088d928c02ef395a8bdc45ad0581_JaffaCakes118
Size

222KB
MD5

c75a088d928c02ef395a8bdc45ad0581
SHA1

c10de6586272513962207f9197c8eec080215fef
SHA256

0ef19a382237906cb1772fe20eba0eea7353728883b054f5597237e71c6e8025
SHA512

d2878c2dda041c354100801d8e5f34338fe17a1a22381c771191bee20445b4b9c16b7963dc01c8bd660d225bc9ac3022bffadc50778e83005788ab8cbc5768f1
SSDEEP

3072:nQ5IcAFnEFWfMU342Y9o3C9lzJ2PdZ3ztYe3c9YN/D8WJsmnvcz0ron:/nGeI/okzJ2Pd5pv3c9YN/D7smv6rn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c75a088d928c02ef395a8bdc45ad0581_JaffaCakes118

Files

c75a088d928c02ef395a8bdc45ad0581_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Documents\Visual Studio 11\Projects\DataProtector\MssBuild\MssBuild\bin\Release\Obfuscated\MssBuild.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ