a60b7c4d815fb56354240c817799e66d_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a60b7c4d815fb56354240c817799e66d_JaffaCakes118
Size

317KB
MD5

a60b7c4d815fb56354240c817799e66d
SHA1

323a49e7db3c905ca049b6410e234631153055d4
SHA256

256b0c2059ac9b512dd190ac83760c8b6e019a00484e763d2f50cafcc5d552e4
SHA512

4042afb5c0107340d429411788c3cf3abaa61501685573a05b242e08dec33bb2fdaf7bb477f9e88bf72c50ab3a3d4cc98b093f61c553b25a8a7df50e365f288f
SSDEEP

6144:lDIf4Rnb8kqYNK2KIEUJen9wor1Pzhx2fl8JBr51s9HezAgy:lDIf4JqrrnnOotFMKVGay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a60b7c4d815fb56354240c817799e66d_JaffaCakes118

Files

a60b7c4d815fb56354240c817799e66d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\桌面\20170730改版企业版2.9源码\serverdata\Release\NewTest.pdb

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.spm
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE