da10ac34597a8e9c2f716473dac43ea5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

da10ac34597a8e9c2f716473dac43ea5_JaffaCakes118
Size

1.4MB
MD5

da10ac34597a8e9c2f716473dac43ea5
SHA1

96cffa5aafbf2b3f3fa02f7a83ab0fcaaa25bd2d
SHA256

2a78164fa83e80acaa605b3473adce490f6f0049dd8e5d1297d90970d2b02555
SHA512

457b315491a29b72e20c5e83dffcf25ca2e113e55f84f516a9c80ad3678bf0a0925a88748b63b7a4210ab06f04d15aa307c486ce52eb85fa4aa358e9200f9f10
SSDEEP

24576:0jdxsV47ATx56JH43BLvuBRhtVFngCdhYVAtGHsWlrp7zYLab/MxGq5ts1pPqxA:0jnsVYAFsHsBLvuBfTFnD6C+Nr7z3/Jn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Process Explorer/procexp.exe

Files

da10ac34597a8e9c2f716473dac43ea5_JaffaCakes118
.rar
Process Explorer/FixFont.reg
Process Explorer/procexp.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 189KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 40KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 5KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE