General
-
Target
b0fb5cb83a5fa81942b4d0f185699bf0_JaffaCakes118
-
Size
35KB
-
MD5
b0fb5cb83a5fa81942b4d0f185699bf0
-
SHA1
e1e23f8daba9a0eca6166f1379fddaf200fdfccb
-
SHA256
d6de04701c2c10fc57cdc03ef0eccd63106e460151fa0046f001fd83c32af39d
-
SHA512
0f56c7afd4a9b1b1e6139e939ca9b429a3a2bb65fccbd8d36d0ae4da035d374fa46cd00b2e6226d22dd34bfc96f4b426b37cbaa3f4538b3120c09cd17cd6d26a
-
SSDEEP
768:F7asDqmyk09tPEx6Pod3tNa/umNmhj4vaU1S/4Q7KSyvvNi3FKem:tDY7PEx6PodNa/DUQZee5XA1Kt
Score
9/10
Malware Config
Signatures
-
Detected Nirsoft tools 1 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
Files
-
b0fb5cb83a5fa81942b4d0f185699bf0_JaffaCakes118
-
rdpv.chm
-
rdpv.exe
Headers
Sections
-
out.upx
Headers
Sections
-
readme.txt