mercurialgrabber | 0769ae729f371d75db74782874153575_JaffaCakes118 | Triage

Sharing

General

Target

0769ae729f371d75db74782874153575_JaffaCakes118
Size

1.0MB
MD5

0769ae729f371d75db74782874153575
SHA1

d81b044a1143176b2fec65d8ef399c27cfd10a3e
SHA256

e00e5c20d550021500d0354341c6f58175a0e74aa3cfeda025c7705a375d0160
SHA512

e8d175a0ba16c1b334e059b7125f2cb70d9e4eeceba4dddb55dad539a11a0182d54366f9d12051fb0461e8fe43c6001264349b7607c39a9508ad756ceba90a30
SSDEEP

12288:24AvSUlOwVFdO2MS5iZYfHgejTKfLZgyM9CcFEvSmlOwVFd:24gSUIwUY/3KfLbMJESmIw

Score

10^/10

mercurialgrabber

Malware Config

Signatures

Mercurialgrabber family
mercurialgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0769ae729f371d75db74782874153575_JaffaCakes118

Files

0769ae729f371d75db74782874153575_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Administrator\Desktop\Builder - Fake Error & Downloader\Builder\obj\Debug\Builder.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ