c899dca50858b9613f960a622e627b53_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c899dca50858b9613f960a622e627b53_JaffaCakes118
Size

83KB
MD5

c899dca50858b9613f960a622e627b53
SHA1

586cc353ee9262901a5ca04d08a1f30aaaa9d707
SHA256

9c94a2fa0d50bd3f3352e2b2c464c3c867446b08a1dc8a2c41a0cd8eba40a5c3
SHA512

12d47412ee40f0c489c64afa944f0e86f499251ab5bc0c2ae7c01e89883e843b78363b61a5e2aa53f08ccee5a69964fe880f0836e0caebb2ac5522a79822c454
SSDEEP

1536:8HkXJ39zHjdYGb3f5nfnERJ40iB6dgyz1UE6er0OBlMDqoeJhsjQNmBLrkBZb1ow:kkrjdhPJYJ4wnzyEPr0RDqkkNMcBZb1b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/keybordfixed.exe

Files

c899dca50858b9613f960a622e627b53_JaffaCakes118
.rar
keybordfixed.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\topcu\Desktop\Rundll32 Driver 3122016\Rundll32 Driver\obj\Debug\DCIM0036.jpeg.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ