198de793b41c9650bdb930828be7f683_JaffaCakes118 | Triage

Sharing

General

Target

198de793b41c9650bdb930828be7f683_JaffaCakes118
Size

3.0MB
MD5

198de793b41c9650bdb930828be7f683
SHA1

f6ce7b3cda7a1aa97715f980a65ec81365d55d8f
SHA256

282a482889e1f42292cd3f7b4e8d11f0b0bd4d8ef3c7668738630f28e35ce5e4
SHA512

dbd6f52e6b6cab4cbbad2ec2590c753ee905e53a03dfa144e0fba53647fc597e4c91843f72aae905088c22999a5521de5fb672d20a507faf0a547610e343b14e
SSDEEP

49152:PHlu2FFGhBMiPi1iomcCDHOyAY8tcWEp+kci0n4nNQBo3TaBYPZkTI8:PpFQBMiKRmPDHOyAEpzGnSQBob8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/tu2sky.exe

Files

198de793b41c9650bdb930828be7f683_JaffaCakes118
.rar
tu2sky.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url