C:\Users\css\source\Mercurial Free\Mercurial\obj\Release\Mercurial.pdb
Static task
static1
Behavioral task
behavioral1
Sample
890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645.exe
Resource
win7-20240903-en
General
Target: JaffaCakes118_bf72e18c9989ed14e7c45e23cd4c49b3
Size: 2.9MB
MD5: bf72e18c9989ed14e7c45e23cd4c49b3
SHA1: 4ec66a4a17af98901249b9bff6b357ca735684a0
SHA256: 83bd0e36c955928a39fe285194b0cf79cbb79321124ef1a92d799f932152d26b
SHA512: 16f0cdb93f0a6b0d39f4620d1a5a710fa7b5c696bd6acefe777c6fbbc96ed04bfd8394ecaaffebbd89c571b5b8e0cce9ecde5484c62ae30609bec4cb9f80f0da
SSDEEP: 49152:X0qHUpRep18A5k9A+r28qReogyNTSVFfHWHwcsDWvW/jqTuxiQBjHgpKqS6yfFUU:X0qHiAp18Kk99xLM6WQcsD2auTuVXqPU
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645
Files
JaffaCakes118_bf72e18c9989ed14e7c45e23cd4c49b3.zip
Password: infected
890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mscoree
_CorExeMain
Sections
.text Size: 3.1MB - Virtual size: 3.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ