fa968be3b49afa38c035d0e36b7385ae_JaffaCakes118 | Triage

Sharing

General

Target

fa968be3b49afa38c035d0e36b7385ae_JaffaCakes118
Size

293KB
MD5

fa968be3b49afa38c035d0e36b7385ae
SHA1

4cf4bfe12ff786c603dde9da81ab10f53810c663
SHA256

3bd049cc0b0186159866586cf45e897f4ca6f2bd724dd244ebbc54e2a99f2b22
SHA512

faf7a1414055f27cc9449d7a8962a395ce6b9e056db58214ecc7d6692a5f2240a39b2bd939ad32bbffacc5e4f0826609fac4c55b8e8493c9d7915477f91ac02b
SSDEEP

6144:4lCyfS9s4YFC6DaN16/BgSHquv53PgOGUG7/ikG4gPHdEtTKa3Gu:EHfEs4YFC5u7xPxG7WjPytTKQGu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Shipping Document PL&BL Draft.exe

Files

fa968be3b49afa38c035d0e36b7385ae_JaffaCakes118
.rar
Shipping Document PL&BL Draft.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 453KB - Virtual size: 453KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ