54fcc533aa77cbea1ae1e339487f3893_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

54fcc533aa77cbea1ae1e339487f3893_JaffaCakes118
Size

522KB
MD5

54fcc533aa77cbea1ae1e339487f3893
SHA1

d7158a2a009dd003f55458491660e67b076ee681
SHA256

615f2fe9a05659f4a29ee77c838b3bb2c56932d0f68bae2f22b0d82b315be9ea
SHA512

3e696485bd5130942165e2aff452dfd5576264fdc7e43a34990ea997b8f90b95c617ad4b50c61160f84f541e3ec70615922e008adb46de04000b668d3cb34e53
SSDEEP

12288:B37xKLn87XwAMzlAdvQld2S/fvlR3qW0PaTmA7TtHJuES:B37xK0X2Vl4sff3qnaKCtHJDS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Craagle_4.0_www.lordly.ir/Craagle 4.0.exe

Files

54fcc533aa77cbea1ae1e339487f3893_JaffaCakes118
.zip
Craagle_4.0_www.lordly.ir/Craagle 4.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 791KB - Virtual size: 791KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 62B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 376KB - Virtual size: 376KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Craagle_4.0_www.lordly.ir/lordhack.url
Craagle_4.0_www.lordly.ir/lordly.blogfa.url
Craagle_4.0_www.lordly.ir/lordly.ir.url