2960c348b8819803c3830f9b294518b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2960c348b8819803c3830f9b294518b1_JaffaCakes118
Size

1.1MB
MD5

2960c348b8819803c3830f9b294518b1
SHA1

066b3ee39d013352dc1b9a2ff60b36d9776991ea
SHA256

187315cb5a087ed9bb38fb5726597fd9d5c2b9491643606121709c6fbb14430c
SHA512

c66917a51523c8170d6297cac06a791707be49863769713aaebf57713c1fd66b720f351fc3d39fdc2a0b270bcb10e0ef1fe5e4cc242dd892774ebb70e8507fa5
SSDEEP

24576:PusYHzUNMPK/7cOxJVsirdCA2bdzeJqfynR3GPC4KmrymNlQS:PuTwqPOcOxJVsirdCARHmNrQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2960c348b8819803c3830f9b294518b1_JaffaCakes118

Files

2960c348b8819803c3830f9b294518b1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\hudson\jobs\backdoor-v4-kad\workspace\output\MinSizeRel\bot.pdb

Sections

.text
Size: 892KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 271KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

STLPORT_
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ