6acb10d36773e259566b653db01840a5_JaffaCakes118 | Triage

Sharing

General

Target

6acb10d36773e259566b653db01840a5_JaffaCakes118
Size

627KB
MD5

6acb10d36773e259566b653db01840a5
SHA1

0c8771069149a085079f0f36791b9835e4ea7935
SHA256

c93057840aefd7188ba0eccc09e6ed3fd2ac301ffd7e18f0aa4b2edbc74c701f
SHA512

754a617ba868994a252a8508105a2f197ab1af49fca46110de8c29af611f4cdaa53e334f6c599329dddd3ed178ea3294193a71ec56439c5ae7b8fa5309d99106
SSDEEP

12288:wi8Tx/ZZIz1OmUmK/KUUOC3vhPvyIiWqqfYl5Xa3C+zvKQ+aJUFsWli1:NoxczLUmwVC3JMWfA+lziQ+iUKyi1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SystemSafer.exe

Files

6acb10d36773e259566b653db01840a5_JaffaCakes118
.zip
Hide.rep
Process.dat
Readme.txt
Safe.rep
SystemSafer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 891KB - Virtual size: 890KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 307KB - Virtual size: 307KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kernel.dll
װ˵.url
.url