c0cca94ee8c0ca50dc631470c4474438_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c0cca94ee8c0ca50dc631470c4474438_JaffaCakes118
Size

235KB
MD5

c0cca94ee8c0ca50dc631470c4474438
SHA1

344dbead1f81b0d9af6290177fad354dc5f7b2d7
SHA256

563d1ee0666f0a9d60f7f2ca18887b2abf9ddcd4c300b0a2ee28debcba6aec5b
SHA512

a336a79f79c4ad4c8fc724775599cfb1504a60d18ac39b55b3f17f2d6c388fd35b44a8d4550b4e57b5651fc79048da0f1d07b855af8fd8a1cbf248e8ce8d0718
SSDEEP

3072:op2+xBLz2HFEgeGBOhhmTpxR6BrT5jISwa+9SDV/odZ8LIGfVQ6nN7R3sNdk0WgV:opB/2H84OXmTpxEDtDV8CLpJRC8K56E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/sniper.ghost.warrior.2.[no.intro]-patch.exe

Files

c0cca94ee8c0ca50dc631470c4474438_JaffaCakes118
.rar
ALI213.txt
CuST0M.nfo
sniper.ghost.warrior.2.[no.intro]-patch.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
游侠网热门单机游戏.url
.url