ec9d73c3e3b3f9d81c3131196e7d1088_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ec9d73c3e3b3f9d81c3131196e7d1088_JaffaCakes118
Size

1.0MB
MD5

ec9d73c3e3b3f9d81c3131196e7d1088
SHA1

1e0f1a374e15bc4a5ab9cedec33a2bdfe362c042
SHA256

e9789d5acfb9cf4792d4db2e9cbdc4169ac1b5893108cb347938368c267408c4
SHA512

7f1104f28925964a52d4468205ed31a9dec1cf33577bdaa878ec83c3988f04ccb15a1856d77780f5ea8d7c4defb039beee556f5e9877fd1ec584078a1ed6e0f5
SSDEEP

24576:b88K/9C98lh30LTujPgYgQd8emW1+6a/X:b9EcpTKYYgQdb1+6av

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/光驱管家.exe

Files

ec9d73c3e3b3f9d81c3131196e7d1088_JaffaCakes118
.rar
下载说明.htm
.html .js polyglot
光驱管家.exe
.exe windows:4 windows x86 arch:x86

26b27b8bb82fd207b19adb9d0f9397ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
CloseHandle
GetFileSize
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetStringTypeW

user32

MessageBoxA
wsprintfA
SetWindowTextA
SetWindowPos
ShowWindow
UpdateWindow
EndDialog
DialogBoxParamA

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ