ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118 | Triage

Sharing

General

Target

ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118
Size

1.1MB
MD5

ea18fe0423c75ef98ba67ff5007c4ebe
SHA1

639e898a3bd5ecd30d78f7c7e8893e79229bdfcf
SHA256

6a22a4de220e4e271f2b9136ce963d1eb86fb2545f83f167de05dea3dca0904f
SHA512

2c59ba02c4c19dfef8fe9bcbf00047484673ce8ef879c69245b303740997816f7c3965bb7c9f79d91a737d917a6f4e4fdef6bc6dc974616f7733a46a7e1e267e
SSDEEP

12288:5eyzrb2QQHxrYttm4Cfxa9ViAzKPDXkU9w4gUKdzKxi+2/AalQLZHf01noDPaswM:XDt4uF4Z/5AZJt2oancdh5kIHR6/XNV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118

Files

ea18fe0423c75ef98ba67ff5007c4ebe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Users\Roshan\Documents\Visual Studio 2010\Projects\ReFUD_3.9\ReFUD_3.9\obj\x86\Debug\ReFUD_3.9.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ