a92d6883b0556f75d569fb76eac561d1_JaffaCakes118 | Triage

Sharing

General

Target

a92d6883b0556f75d569fb76eac561d1_JaffaCakes118
Size

550KB
MD5

a92d6883b0556f75d569fb76eac561d1
SHA1

b94fbb563e69aa5043d1273487e2d2e7e8363930
SHA256

cef0097b8deb1113156c08bcc889706f7bfc1f2e00bd12360cb50e68b475c06a
SHA512

7b697fd939eb7114063e2d91c1b095678469107d3b5c94c755d56548f93e5625c64e4fcd3b70e2d991a2796c71c531303b64665f3f1b313fd4c9aaa367f9eff1
SSDEEP

12288:P6gFNCZs6a3DQkSIK1KnvQKuFjicdtX2Z10o1cLzKWN8kFvD5nuI:P6gz8sykZVndcucL2PnWD5nuI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a92d6883b0556f75d569fb76eac561d1_JaffaCakes118

Files

a92d6883b0556f75d569fb76eac561d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Templates\K????2??.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 526KB - Virtual size: 526KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ