c796dfc401a8fc5f7dc6f0872caf6693_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c796dfc401a8fc5f7dc6f0872caf6693_JaffaCakes118
Size

179KB
MD5

c796dfc401a8fc5f7dc6f0872caf6693
SHA1

5747c5f18a1bff21eddad3e709c244e0a55a191c
SHA256

11771c6bb5a330d6e2a1cf54093b5c51b377ba7568deee98374afc72afb3c5f2
SHA512

f6bc632020743bdf412d31d1adbc5c17d6bef947c895bb21d3a4225abb77f4ce0acc83d80d97ed866795c363f02ebce7112fe850554cee041547108181c67dff
SSDEEP

1536:woZ5BZa4yVZUVPP9zl85FshpPxtAamVcl:tfZ3yjUVPBy4hpPx2a8Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c796dfc401a8fc5f7dc6f0872caf6693_JaffaCakes118

Files

c796dfc401a8fc5f7dc6f0872caf6693_JaffaCakes118
.exe windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\forensics\Downloads\ransomware-simulation\oc_ransim_e\obj\Debug\netcoreapp3.1\win-x64\oc_ransim_e.pdb

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ