mercurialgrabber | d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118 | Triage

Sharing

General

Target

d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118
Size

3.2MB
MD5

d41eebef8dcc0c21529bedf93c6b1287
SHA1

dd314781d2656e47643d28861428ac3af2a0bf03
SHA256

6a5828ebe60437b32192ea3a81ea04e90f24dc9b352b1680781cc22c742ff946
SHA512

a0c022800cc24407c5700f0e5660491a1d6a7f0524e7db78bcadb3a1d8b8eeebd5074a75dc2fbc20df2068c4ccd7565dc18379bf6383c8204e6240c5bc112466
SSDEEP

49152:anrhr/vAcWKv6X3o0GQN0s/g/ybPUt81yyxYHm9m9h2nrhr/vAcWKv6X3o0GQN0G:an/WG6H/THYHmucn/WG6H/x

Score

10^/10

mercurialgrabber

Malware Config

Signatures

Mercurialgrabber family
mercurialgrabber

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118

Files

d41eebef8dcc0c21529bedf93c6b1287_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 622KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lunar0
Size: - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.lunar1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ