e7a5dc46fbec0b4d6c1b0f4db935be3d_JaffaCakes118

General

Target

e7a5dc46fbec0b4d6c1b0f4db935be3d_JaffaCakes118
Size

1.8MB
MD5

e7a5dc46fbec0b4d6c1b0f4db935be3d
SHA1

cf19fb1172d0497a90b3442ff0a891d6b2c601d3
SHA256

9e61fca30fd93c142141a580280c4a6613e15099de8a7c9407c80ed5b1fc5ec8
SHA512

9de3f20a256912e8fd51439b9033ff5334a2b42b4317f60c022a2805ceeaa58de9ea92d628b093be4ddc0580164718576b38cf913c5ed8caf3a4df13e60c7641
SSDEEP

49152:vVStRuJDkhR2TKQsKrV0IUME+rFOP134VR+zrG:vVS4YSKQZruvYOqVRIG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/wjplgm-v1.0/文件批量改名.exe

Files

e7a5dc46fbec0b4d6c1b0f4db935be3d_JaffaCakes118
.rar
wjplgm-v1.0/文件批量改名.exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 272KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
wjplgm-v1.0/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.data Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 272KB - Virtual size: 270KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.data
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 272KB - Virtual size: 270KB