f1355ac4f7768e58659f85dffbf12f77_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1355ac4f7768e58659f85dffbf12f77_JaffaCakes118
Size

3.0MB
MD5

f1355ac4f7768e58659f85dffbf12f77
SHA1

8bb126326f3923baeceae48b25819b559fa8865f
SHA256

dfb52d67e6beb5f8e567739c37994314c0974948ea98077ac5b09026a25d4643
SHA512

1a18b691f003268d429494cf4676f5d9ca8b4c5da1945d2287df2ae71dcd9ecc18d4aea798a7f6a0394e7ec2fa19ebf9ed409edb41197cf8a36637c55ee0a832
SSDEEP

49152:1+pQ6ruOvDgb+ALjilOSlF6U7MfmWPm2x2Oz3IfHNRzOI7TxKnweTgR2Wm1C:0pl9vDgVL+OSloUYuWPHxpcfHNRzOu1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/homm6_v1_2_plus8_trainer.EXE

Files

f1355ac4f7768e58659f85dffbf12f77_JaffaCakes118
.rar
homm6_v1_2_plus8_cetrainer.CETRAINER
homm6_v1_2_plus8_trainer.EXE
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\svn\Cheat Engine 6\bin\standalonephase1.pdb

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.yvs
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
使用说明.txt