2d68b500207790e5ddce888276ff0f4b_JaffaCakes118 | Triage

Sharing

General

Target

2d68b500207790e5ddce888276ff0f4b_JaffaCakes118
Size

67KB
MD5

2d68b500207790e5ddce888276ff0f4b
SHA1

42225409d310bcf9097baa7d07f83ab6b263a248
SHA256

63b02ff7da52fa594a3b89108c61527187acb6c500438326ba366057fc684872
SHA512

327f10763875c7bfedbf4861fb4f6d40e04b3f81b90ac3c4844013f84863a9b71012e25caa4a764de9f9428b2ebdc7d8ecf16934538fef4747d022624761ddc7
SSDEEP

1536:+cxy+vh2QRjNf57PS9gkwKSRjeWbqpjqZ/9SYDkk3eS:+csC2qjXDvtyWbqdqZFSYAk37

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/twithackv1.89.exe

Files

2d68b500207790e5ddce888276ff0f4b_JaffaCakes118
.zip
changelog.txt
twithackv1.89.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Ryan\Documents\Visual Studio 2012\Projects\twithack\twithack\obj\Release\twithack.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ