growtopia | 45158614b5aeb52881250618476a5edd_JaffaCakes118 | Triage

Sharing

General

Target

45158614b5aeb52881250618476a5edd_JaffaCakes118
Size

322KB
MD5

45158614b5aeb52881250618476a5edd
SHA1

d13bfb0ff271cffba59655b54db5fbed9964e33c
SHA256

a21c4e49d32311f6a0d033ef08b72416323e6f322ed9f62f7749da2cf7d85705
SHA512

6b4780bb0601b5c7af9ca9440857bc9b4f7d7dec6b7f6415d242717ede5f9e33f18cb3cdd669384da617ccf75f02d5a25a95a927e58ff2de0228cb0f9dd31a0d
SSDEEP

3072:pGHI6IHRDL5I3yjp34ZbLvC6YjchfdOglF///mPm5y1dfdq71kJXmJk7KAhgHLci:BxDLm3dJYjQzcU6mGISYjQncU6mnM1X

Score

10^/10

growtopia

Malware Config

Signatures

Growtopia family
growtopia

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
45158614b5aeb52881250618476a5edd_JaffaCakes118

Files

45158614b5aeb52881250618476a5edd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\ASUS\Downloads\Compressed\SaveDecoder-master\SaveDecoder-master\Save.Decoder\obj\Release\Save.Decoder.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ