b6718a5b6306fddc6e3b3ccecf15757b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b6718a5b6306fddc6e3b3ccecf15757b_JaffaCakes118
Size

4.3MB
MD5

b6718a5b6306fddc6e3b3ccecf15757b
SHA1

473c9cfe60d19d181e8262c3a83e57e224844a47
SHA256

0a270174da13c7811485219619c4583af379d6dd3293eb3c1a48d1e8d103802d
SHA512

8c743801d4ae96f4834a366495553454d702edc668a1cd5385d59d775fe913a512fe497ef47577bcbb77397b7acd12ded6be4ede95089a52dd77cac3a6aac755
SSDEEP

98304:BGe2JYFL2hYdJfsQaoNt19nm2eCUTHflnxq7gRzC5Z7HKMW:mKiYdydoNT9nBF0lxq7VZbu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Power_Data_Recovery/PowerDataRecovery V2013.exe

Files

b6718a5b6306fddc6e3b3ccecf15757b_JaffaCakes118
.rar
Power_Data_Recovery/PowerDataRecovery V2013.exe
.exe windows:5 windows x86 arch:x86

bc10594f0e5b090521adac523994d99c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetSystemInfo
MapViewOfFile
GetLastError
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
CloseHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcpad
Size: - Virtual size: 2.0MB

.idata
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Power_Data_Recovery/飘荡软件.url
.url