2eb848f626663869a9270398648208b6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2eb848f626663869a9270398648208b6_JaffaCakes118
Size

1.5MB
MD5

2eb848f626663869a9270398648208b6
SHA1

f6fc9024f3ab44cf2b8069bd85d9f00c8e198acb
SHA256

20de135d5d49be5617c23a1f64e5ffdaf57dbfda531a6a1b5248f22df46b1515
SHA512

a9925669e5c2170cadad43a3f9f72e4305ebd85e5aa8077efd93fd6f21c828e57818a1f7ee0d5bc2c4c314a32d87e2beed9f2a0b6c2ecedde0239c6b11576e79
SSDEEP

24576:4EznOOXKC3hVJBi7YGU+uCsqzPOkU2RowC7Is9ApO46WlzRdT7zgBILY:4inOTC3hVJBi7YGU+uCsqDpU2RowC7I8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2eb848f626663869a9270398648208b6_JaffaCakes118

Files

2eb848f626663869a9270398648208b6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\clientci\workspace\yingyin_compile_4.1.2\yingyin2\build\Release\pdb\FileAssoc.pdb

Exports

Exports

UpdateUserData_

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.ifc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE