d092a3426f60e455a7be58a20c00e2f7_JaffaCakes118 | Triage

Sharing

General

Target

d092a3426f60e455a7be58a20c00e2f7_JaffaCakes118
Size

113KB
MD5

d092a3426f60e455a7be58a20c00e2f7
SHA1

82001fc5c731822e5e1118ffc657f5df38d219b4
SHA256

6343fb051e15dbbf2b9dc47b924a9e0a3086456612e7a31ce15054cd3d5601a7
SHA512

5900c1f390fcd83664fc06fa0fda80cf0fea200fa847efbfa2d3cd0faf25afa89c24f73a4a515a06843d21390dd67799b91ea24b8e0cc6c36046b7ea9098f411
SSDEEP

3072:rlu00ND/qXdr6mHul3EQY9jlcT0vREfWb5P5t3sPNMfF:5N0NqXJ6mH+3OWTMR3tTMAF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Crypt Your Text By Ahmed Wolf.exe

Files

d092a3426f60e455a7be58a20c00e2f7_JaffaCakes118
.rar
Crypt Your Text By Ahmed Wolf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\muhamad kurda\documents\visual studio 2013\Projects\Ahmed Wolf\Host Encryption By Ahmed Wolf\obj\Debug\Text Encryption By Ahmed Wolf.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ