d0fd29564dcc14d71d44817213e94c8e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0fd29564dcc14d71d44817213e94c8e_JaffaCakes118
Size

206KB
MD5

d0fd29564dcc14d71d44817213e94c8e
SHA1

387ee03122f146342703ac100593cfe13569b97d
SHA256

2caaa66af2d757fcc5be6047ccc5456c8831b1e4616ddc1d33037f73b548bc1d
SHA512

cd40dea0ebd501617729415a5d0927d9a4067e916970265cef833fb5b6b59754517890775a3f4698725bb14efbc7e04d58584c1207f96fd70c5774ad7f06fb6c
SSDEEP

6144:eQmTm0mv4q/StV6ScYmIK0fpblEwDG0H0:8m09Zcj0BbOwdH0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0fd29564dcc14d71d44817213e94c8e_JaffaCakes118

NSIS installer 2 IoCs

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d0fd29564dcc14d71d44817213e94c8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.khe
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data
.khe
.rdata
.rsrc/DIALOG/105
.rsrc/DIALOG/106
.rsrc/DIALOG/111
.rsrc/GROUP_ICON/103
.rsrc/ICON/1.ico
.rsrc/MANIFEST/1
.xml
.text
[0]
[1]