dcdc52dfabc5ea0b5fe3bf876940e16a_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcdc52dfabc5ea0b5fe3bf876940e16a_JaffaCakes118
Size

1.4MB
MD5

dcdc52dfabc5ea0b5fe3bf876940e16a
SHA1

9219018efa78701af62c96bbfeaad92e0b312d1c
SHA256

e7966368a7fcbb24dd2b639925fbd1e64b51490307fb9c16ab95d0ddaa9c0a81
SHA512

5c94f899234022e24da38d43e0583d4ea4c17e1143eaf008dce9107a99780861a0f806d6e351f9993c49d6810663a939607fbad28f156ec66b971e37a5785325
SSDEEP

24576:rnq5VrnHugIJ96FFhY2gUfVH5XlVYzagW4/3rn0Y5zmzRf1P2MVMbx4XclQ:W5VrnOgIqSENH5X3ngbrnL5yzpVM6XcS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcdc52dfabc5ea0b5fe3bf876940e16a_JaffaCakes118

Files

dcdc52dfabc5ea0b5fe3bf876940e16a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\illusie\source\repos\krnl_console_bootstrapper\krnl_console_bootstrapper\obj\Release\krnl_console_bootstrapper.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ