62dc84c4193b43982a0bcfb1a79d79d3_JaffaCakes118 | Triage

Sharing

General

Target

62dc84c4193b43982a0bcfb1a79d79d3_JaffaCakes118
Size

1.2MB
MD5

62dc84c4193b43982a0bcfb1a79d79d3
SHA1

a3ac4513fcfe313612badaf943ff4faf8c9a6443
SHA256

84f706c28e141557096563b9155855945da51a707990abf055765788110830a0
SHA512

03db4e64b6e05bd40519849d64d4f3a18ca0d6c8366a199f4989eb9814f95a91626f29a5e820050bb0497d8527b9888a998b0e5bfce219720fa5adf719928cc5
SSDEEP

24576:oeGefCnE7Oduehdi0LHgZpJEdDZSx7kMiyqCe:oeGRE7Osehdi0LHkJEtZI7TiEe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
62dc84c4193b43982a0bcfb1a79d79d3_JaffaCakes118

Files

62dc84c4193b43982a0bcfb1a79d79d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

t:\setupexe\x86\ship\0\setup.pdb

Exports

Exports

_GetAllocCounters@0

Sections

.text
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 207KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.tqn
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE