f2be96627f7ed4a82d63557864e741ac_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f2be96627f7ed4a82d63557864e741ac_JaffaCakes118
Size

1.1MB
MD5

f2be96627f7ed4a82d63557864e741ac
SHA1

dc99a389783c42722027dfcb07e39ef6a16a42fe
SHA256

c46b054f636b0faad993a8d76da73f93d5b99904b205855be02ef0410cc9dd24
SHA512

e99fd6c82221d332f974b5b63a2c104b1f2ec1a503ce69ce0b40e6251d6115ea88f76daa48dd8b7ad74011e06db8383d5cfda6db652d490d9ae71b58c5cc9e73
SSDEEP

24576:cmthlfCXxL8xGVeGo3zvAU6gE/D5AiTeCclzea8jJEA75zOLec:hlf4L9u4UMvTLc1WbNGec

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/数码相片压缩大师.exe

Files

f2be96627f7ed4a82d63557864e741ac_JaffaCakes118
.rar
数码相片压缩大师.exe
.exe windows:4 windows x86 arch:x86

02a25f607537c650e2a490a0146f3711

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA
CopyAcceleratorTableA

kernel32

GetModuleFileNameA
GetEnvironmentVariableA
ExitProcess
FormatMessageA
GetLastError
SetLastError
GetProcAddress
VirtualProtect
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
GetModuleFileNameW
GetVersionExA
VirtualFree
VirtualAlloc
GlobalAlloc
SetFilePointer
ReadFile
CreateFileA
UnhandledExceptionFilter

gdi32

GetTextExtentPointA

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA

advapi32

RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_GetIcon

oledlg

ord8

ole32

CoTaskMemAlloc

olepro32

ord253

oleaut32

SysFreeString

urlmon

URLDownloadToFileA

winmm

PlaySoundA

Sections

.text
Size: 384KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE