ecdd3b4a0081552fcf0a139f7e8d5984_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ecdd3b4a0081552fcf0a139f7e8d5984_JaffaCakes118
Size

1.4MB
MD5

ecdd3b4a0081552fcf0a139f7e8d5984
SHA1

6c986dd472bdf5bf1308738ccf3e25e672ccbe1c
SHA256

541fb26a5f743bde511a5b091fabd53ff52c83cf0dde97e4a68a39d070018380
SHA512

4e57622420c80627684fd37c80c5dcc969435b692e13de1a18e3b4120da1001e50d34f1bfe25f37caaaea3dc3a4d2614e459ee91bca24f5a7b22edd9914a1649
SSDEEP

24576:xq83uKXj1YqZnfL9IhyPDq0UtnonkPeKYdt5RfPyBr0PsOzb+jppBt6ni+FFw4Cs:z+KXxYgEMyoa2ns0PsOIpBtKiulAC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hanzify.exe

Files

ecdd3b4a0081552fcf0a139f7e8d5984_JaffaCakes118
.rar
hanzify.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot
汉化新世纪.txt
汉化说明.txt