1100b6a33ddc0db474c7f5b2ac9b1f69_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1100b6a33ddc0db474c7f5b2ac9b1f69_JaffaCakes118
Size

382KB
MD5

1100b6a33ddc0db474c7f5b2ac9b1f69
SHA1

4acf453745a0858a5c2539527b3f4319ad18d8ed
SHA256

21f7df940b48bccecc3a0d1e1b1a2c23ef6d4f4fb4280ae51461ca45891c0ce2
SHA512

6037d8b73b18d88ea49da5893a1b0080356eaddc28efc6d91a2c2b4756dca12a8b68237a1be0290b18d3fe48c646aeca77344cd1ecd45516e98cf8b27ff77a6a
SSDEEP

6144:OP//gryMN0zdOWgb6Y6veN4LOPX4NJ7+BIIVii8dTOmkst+Qj7X21BTo/:OPHgrym0UbiveaLrNJyBIbdTOM+M21R8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1100b6a33ddc0db474c7f5b2ac9b1f69_JaffaCakes118

Files

1100b6a33ddc0db474c7f5b2ac9b1f69_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_home\workspace\PPTVClient_Jenkins_Release\Release\PPLive.pdb

Exports

Exports

?Set_CrashUploadParams@@YAXHPB_W@Z
GetExternElapseTime
GetStartTickCount

Sections

.text
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.khe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE