effea195c6d5333b74d2f1883ee5bf80_JaffaCakes118 | Triage

Sharing

General

Target

effea195c6d5333b74d2f1883ee5bf80_JaffaCakes118
Size

250KB
MD5

effea195c6d5333b74d2f1883ee5bf80
SHA1

8e5b900f2462540fc14f7e55c1844ab867967262
SHA256

7a1cac904a64e08c9d37365f3c52b55e1489bb2c267c02ebe18f6bb22b3a46d6
SHA512

59401b718578145a408c311325bbe279c159cdd11ddf923aede9838532607612502c4afa91e1af34d73979719b71060ef3c18a9bc7be8483f7ad580197cfc94d
SSDEEP

6144:cDJJehv1PNnnaqnyFI7jDaW3sKitwnEdo5b3:cDJw3PJXyFI7X3YwEKr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Internet时间定时同步精灵/kTimer.exe

Files

effea195c6d5333b74d2f1883ee5bf80_JaffaCakes118
.rar
Internet时间定时同步精灵/kTimeServer.ini
Internet时间定时同步精灵/kTimer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 410KB - Virtual size: 410KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Internet时间定时同步精灵/mySetup.ini
Internet时间定时同步精灵/新云软件.url
.url
Internet时间定时同步精灵/请先读我.txt