19db841eef3be94cd5e8507b1d36a1ef_JaffaCakes118 | Triage

Sharing

General

Target

19db841eef3be94cd5e8507b1d36a1ef_JaffaCakes118
Size

4.2MB
MD5

19db841eef3be94cd5e8507b1d36a1ef
SHA1

ce0dd0cc148f703e8b654c386073ffb3eba1c93d
SHA256

1dffebb8f9e06443451b1d512abb8a9b52fbeb729cb1ed352d6bdd0ab8ae630d
SHA512

76755594c171769d3b64c449fd5d8e01d013a64cc757cb719d2a0b04aa65bb4527e2e6aca81c8b2c7c61581755eaba540df95ada3f7cb5bff1091bb7736b7df3
SSDEEP

98304:pjxpHgoqrGWZzOkRsaJPD5cfB1L42wnQjxXCA3wQiCw1scnClJS:lDHgoqrGK/sAGU2TjpdTiCw12vS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ScriptMaker5_fullen.exe

Files

19db841eef3be94cd5e8507b1d36a1ef_JaffaCakes118
.rar
ScriptMaker5_fullen.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot