0f48af604b18f4a3e8921b8ac09fc60d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f48af604b18f4a3e8921b8ac09fc60d_JaffaCakes118
Size

236KB
MD5

0f48af604b18f4a3e8921b8ac09fc60d
SHA1

f785cbc0c17149c1bda2f48d8a00e07167d50453
SHA256

a73290c410080ecb0b95d0178e24004d246920ef0732c6d1aff77ca67c742561
SHA512

24e6251e29548088ee9f7d659e5aa3dc50cba90ec55781626cb6cd55192cdf7334e22a102faec61b40f598e98af30df887c8e7fcc5b685debaa23196c5319109
SSDEEP

6144:n5cJRQbc2t84RxR0Y01Dn0lAQ99GCrTXjmX/j0eWI:nvbfhxeFAqCCX/i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f48af604b18f4a3e8921b8ac09fc60d_JaffaCakes118

Files

0f48af604b18f4a3e8921b8ac09fc60d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Templates\??4Em????.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ