f498b40fb6651681e993258be16fc9a4_JaffaCakes118 | Triage

Sharing

General

Target

f498b40fb6651681e993258be16fc9a4_JaffaCakes118
Size

76KB
MD5

f498b40fb6651681e993258be16fc9a4
SHA1

74edd91a57047659db33f94797f7887a46eff7dd
SHA256

27e8a3207db3db9577d610b9c7f3df1ad0c13c450cbe05952e669e25a9f65773
SHA512

439a175580718d3771f3846f6439a19bde7698a6d42228809cfeeeb72c1b5605e96c2b244a1ec8024d5d8d130b4c2fa3ba75a9c4a394d66e38f76b3827a87acc
SSDEEP

1536:HkByBBCd4NzuOR/AK42jW8/P+koqUTy5xPtCEkbeANt1YM4:VBY24iAeL3+kKTy5NtCzb/1YM4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/State of Decay Update 17 - Yello Trainer.exe

Files

f498b40fb6651681e993258be16fc9a4_JaffaCakes118
.zip
CheMax.txt
ReadMe.txt
State of Decay Update 17 - Yello Trainer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\Yoghi\Documents\Visual Studio 2013\Projects\State of Decay Update 17\obj\Release\State of Decay.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
options.txt