048651f6a67266c7f8cc0c079894cded_JaffaCakes118 | Triage

Sharing

General

Target

048651f6a67266c7f8cc0c079894cded_JaffaCakes118
Size

521KB
MD5

048651f6a67266c7f8cc0c079894cded
SHA1

b905ec05cf7c01b55364d331fb18a8e94cd39ed4
SHA256

2b14158ef8919eb7c934a8e8d632d7440b633d5f4e625921d643c3c4a8a439c3
SHA512

6362d92968d97144acb0181ee17de131ef3daa044afb9b9bd7a68fc47c1bb7808ad226cff7387e1bc96c5ce537cc2bfbecd33212b4afd9d3f347922c377b749e
SSDEEP

12288:IBeF6hadbOvLGLSql8Z0A9xK/wY9iYj+xdnuxTP1TLx:IoLp3Sq80EUJ/j4GLhLx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
048651f6a67266c7f8cc0c079894cded_JaffaCakes118

Files

048651f6a67266c7f8cc0c079894cded_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\DUOWAN_BUILD\build\Build_Src\yygame\yygame2_2.26_fb_20140924\output\Release\bin\ygupdate.pdb

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zwt
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE