390c878bd685797f4c0445d9fb38d3ad_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

390c878bd685797f4c0445d9fb38d3ad_JaffaCakes118
Size

1.8MB
MD5

390c878bd685797f4c0445d9fb38d3ad
SHA1

739b57baeea754ab671fc4adae3c8b0d2ed47a92
SHA256

9f26a6a78a7f5903ce91d23a404baf5074a4de14c59686f9c4fb435bad47f98f
SHA512

5b9ccbf86c65484e45c03d8b0a57532f0d56b1268253e7f6d02a0e093d8bd867685d224f98ab9681dc2790692acc3ff6dc5f3b387696a52d4ed5687bb89c76ab
SSDEEP

49152:9TvGg2f3w6ffpAvUACMiP6wsHWJ2h5odFNCl2L4s:dGPggy9S2sF8l2L1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/GoSadari.exe

Files

390c878bd685797f4c0445d9fb38d3ad_JaffaCakes118
.zip
GoSadari.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 648KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 89KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 7KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 784KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 349KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE