0f7c56a53eabdc0978689372781b11e2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0f7c56a53eabdc0978689372781b11e2_JaffaCakes118
Size

294KB
MD5

0f7c56a53eabdc0978689372781b11e2
SHA1

7aabe434419ac38226702108e764f65b5350732d
SHA256

e0539423241551835398dec986fc08e7cc0a3015d7bc9e63b92f80d941b09cf8
SHA512

e4655ac17c3292ed55c295bcddbf8e994c36ee6d79073a054616fecea3a5956440cbd00e846ca8400a1d4ee17def44a543d3920f0faa4226f73e74ca0de5392c
SSDEEP

6144:0IA9hUd5Y7tNkrcIVK3hUeOnm1WxbaCAsMCKoyGih54/QqThFV:0H9OnY7/tyYzOnKJsMCKobip2V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0f7c56a53eabdc0978689372781b11e2_JaffaCakes118

Files

0f7c56a53eabdc0978689372781b11e2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Projects\WinRAR\uninstall\build\uninstall32\Release\uninstall.pdb

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.khe
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE