b386037732f1f6fa28f1175e5157dab1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b386037732f1f6fa28f1175e5157dab1_JaffaCakes118
Size

152KB
MD5

b386037732f1f6fa28f1175e5157dab1
SHA1

14b7896dd420433f49e93e0720c56fe198b92c92
SHA256

981790ff1d32905688c98587bfe2a129ab89257ce1c05213fd44c7dd4d4f2492
SHA512

85e796660c92127148d1d5baead081b3ae0e084c2ca3f29c61d0ec136bf11eaebe394876700d7f10fdd912f06c05e7f02b39cc18dc042853efdcd3c9a20d0413
SSDEEP

3072:XYrQSkDPTd/Cp8AwT+oHLkaBD7UnIFgPx39r8X:XkPaCiuogkD7LFqx3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b386037732f1f6fa28f1175e5157dab1_JaffaCakes118

Files

b386037732f1f6fa28f1175e5157dab1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Perforce-olympia-260-rel-build\Projects\ZeusOC\obj\Install\Plantronics.UC.OfficeCommunicator.pdb

Sections

.data
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.extrel
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ