d2eadf6786d0c71e0dc1204a1d1616f3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d2eadf6786d0c71e0dc1204a1d1616f3_JaffaCakes118
Size

396KB
MD5

d2eadf6786d0c71e0dc1204a1d1616f3
SHA1

ed94f7730706e11016cfea94635be0adbaeff69b
SHA256

91659fcfcb2e24d8dcb10b938e197be59dd07e2f2f5fc7fed644606ba3d6e2ad
SHA512

9c7781cc5359625a15500a5adfc5cfcb890c6f679296d9ae8cf32578db8c209d1f3b44db3c87762f78206b4903cdee67c6c240f157ecc9bb3348afe148186483
SSDEEP

12288:pTfiX2xyU/J2XNPDgV5y18BoBt4REpGEqk:pTfKMk9PDgby18BuFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cosmic.exe

Files

d2eadf6786d0c71e0dc1204a1d1616f3_JaffaCakes118
.rar
Cosmic.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Windows7\Documents\Visual Studio 11\Projects\Old\Banii\Banii\obj\Release\??.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Read Me.txt
dark cosmic w7.jpg
.jpg