a0870fcc0366421e5bf15dd39a2e65e8_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a0870fcc0366421e5bf15dd39a2e65e8_JaffaCakes118
Size

52KB
MD5

a0870fcc0366421e5bf15dd39a2e65e8
SHA1

c5e57b71dabe592c46c9c74c3dcee9fb4069dd30
SHA256

186779d7d96b910888714a12bc4581fe0a05e8e8f1a3f5d7d2b4ebca50c074fb
SHA512

45a6c487d74968ea82ccc5431b85271c651ce18e6013afe4d627c646b42b2513a8acd43fdd908f540909628e6373f2f153b4b9024715b3694f56691c968cebb4
SSDEEP

1536:Z9lYM2zB67/FlUBomqgsp2MheWJaVwmluW1/:ZfP2d67tPmFsp2MdYDluWl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0870fcc0366421e5bf15dd39a2e65e8_JaffaCakes118

Files

a0870fcc0366421e5bf15dd39a2e65e8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\BUILD_AREA\jdk6\control\build\windows-i586\tmp\deploy\plugin\jusched\obj\jusched.pdb

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ