a94cda07573dcb7d05700c2649ba426e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a94cda07573dcb7d05700c2649ba426e_JaffaCakes118
Size

386KB
MD5

a94cda07573dcb7d05700c2649ba426e
SHA1

5bf4e0e9cf994766dcadf70fb9798272eff8124b
SHA256

095386b0becc357595ada466cf658ad16a6b1e8433688896d3ddb46aa20f90bd
SHA512

e637205a64dd9a581f48b574f4b7d6c2ccc172f2e60e66772e66cf4d1c3a80ff9c958a181a57a6921226b08714c633b92e50f9aa6a3d392dfbe180f88ca6b01c
SSDEEP

6144:e3k1RAgrTWI7mD4QK4INVluxN11t+kvmJM11uKh9jfj4CwYwXn+bJPPB3DgTHq:e3mAg+3cQt8GxNBrOaFXk9RXnW3+THq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/xhnetrecorder.exe

Files

a94cda07573dcb7d05700c2649ba426e_JaffaCakes118
.zip
xhnetrecorder.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 621KB - Virtual size: 621KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ʈ��.url
.url