5635e15ce81ab6e404d4947d2f78f213_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5635e15ce81ab6e404d4947d2f78f213_JaffaCakes118
Size

281KB
MD5

5635e15ce81ab6e404d4947d2f78f213
SHA1

b9dcef454dc01fb3aa70006035978459ca89cc4e
SHA256

da063eee05ccce096e0faacf1870fcaa5dca7de76a7e03712230dbeb1b1ed165
SHA512

a8683126c553c17ebd5718bcaa9833c5be471410972185270a0e6d2df731da2f599fd36c7551ce75eeef632d9423a8d08570150e88f43d69a1241030e873ed9e
SSDEEP

6144:cZ6QpU0j56Mu5pYM8aiDBuTCON7DO75kjG2a0hzYDdGjGeFSxJa:kpU9b5pYXaiDfON7C75EG2aQEDAjGeya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5635e15ce81ab6e404d4947d2f78f213_JaffaCakes118

Files

5635e15ce81ab6e404d4947d2f78f213_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Roshan\Documents\Visual Studio 2010\Projects\ChrmStub4.4\ChrmStub4.4\obj\x86\Debug\ChrmStub4.4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ