a9637b1452d55d360b158f63c5526db7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a9637b1452d55d360b158f63c5526db7_JaffaCakes118
Size

823KB
MD5

a9637b1452d55d360b158f63c5526db7
SHA1

db7619b4421eb499ce40879e30bd6852d6b5a579
SHA256

f54d7f8b7696138a8e5d3b36ac4fece4d9b4688816e7e72cdb5d51017c8aeba4
SHA512

841c62eed37ae537fe0f48bc4e9e79c5384f7bb6a34008a53ae227d0717cac45e223af5224937e510a6a3d70a7913f564cc0dd742499d3608b22c9ca73bed139
SSDEEP

24576:64gRdQNnPGtj42iJd5Yq7+qInH/cM8scuKM4Tvh8K:64gw1tJXYq7+vH/cM8scuKM4jR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9637b1452d55d360b158f63c5526db7_JaffaCakes118

Files

a9637b1452d55d360b158f63c5526db7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build\ob\bora-476607\bora\build\release\apps\usbArbitrator\vmware-usbarbitrator.pdb

Sections

.text
Size: 338KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 58KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.qnk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE