e8790ba0c39a29aafe2cc11998b47381_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e8790ba0c39a29aafe2cc11998b47381_JaffaCakes118
Size

402KB
MD5

e8790ba0c39a29aafe2cc11998b47381
SHA1

f9ddb432c3ca4064b3ba623bbaea279718b21c1c
SHA256

2403b2c1aad14f447d014aec00c189672b9be9839abeb425bc3169ae7b27c8bb
SHA512

14c305f70e6826a71276682d44e98dacc948bd3238a8ea013c3044c91455d23de0110f3bcc2bcb2886ffa8079ae0a5bf44385a80a58eaab1fe775169682b7f99
SSDEEP

12288:JcCHayG3gmv+4kXLwOn91yz0LiiWwOroG35Kg1qjLL:XGwG+fXLL9UCerh336LL

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/石子棋.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/石子棋.exe

Files

e8790ba0c39a29aafe2cc11998b47381_JaffaCakes118
.rar
set.ini
sound/down.WAV
sound/eat.wav
sound/select.WAV
sound/新云软件.url
.url
石子棋.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 247KB - Virtual size: 860KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 122KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
石子棋帮助.chm
.chm