16f204074fce1c0e224aa3fee53a32a9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16f204074fce1c0e224aa3fee53a32a9_JaffaCakes118
Size

542KB
MD5

16f204074fce1c0e224aa3fee53a32a9
SHA1

887c5039037a542dc0d12d78f70a24162f1dec29
SHA256

480b2403e5bc63d718e1e5e4859de1d6b0a3248aeb55b11f60947bc8e963b486
SHA512

1706fa26c29c09ba4767418339e04a7a996e68fe38be3d173e1edbb3e9e6776fbb7e1aa04dd3b474fb19c3d9ec26602605bab11313cde0d7917944b67c04a5c9
SSDEEP

6144:VR3E0333VCHxKFKZNfKNK9fAxG9THf4LRPxiuIIq5A3lfbEWlbfimRn0F3d/JYw1:f3EwHVCHlZfIG14pniRWVL10F3duoT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16f204074fce1c0e224aa3fee53a32a9_JaffaCakes118

Files

16f204074fce1c0e224aa3fee53a32a9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\qqcert_proj\trunk\NewControl\Windows\QQCertificate\Release\QQCertBroker.pdb

Sections

.text
Size: 275KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ifc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE