01df07dca04bac6a38846d1f25e2e2f2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01df07dca04bac6a38846d1f25e2e2f2_JaffaCakes118
Size

1.3MB
MD5

01df07dca04bac6a38846d1f25e2e2f2
SHA1

96927a58535c6021ac1edc7f1ed2d3d72d967f31
SHA256

1ca32095d104365c800feeb8162c933144a269dbe7eae1b22a8a3bc732420ff2
SHA512

505ff2cef47f90403188d159940280670a3e57b1fdcdd088104398f20fbc7f3c4c60ea137ace3d382ab5ce027991d89202e0ed1bbffe3622534c8f1aca81faae
SSDEEP

24576:TKfEusOluYlQ7vN4yWaikcVqs/tJ/fVbMARdUF+IoVXpCwhdFe+rXU2iOG7faWB+:T3usauY+iyWaiHVqQpwKM3oPCmd8RjTw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/城通网盘URL批量解析器 v1.2.exe

Files

01df07dca04bac6a38846d1f25e2e2f2_JaffaCakes118
.rar
Help.gif
.gif
Readme.gif
.gif
使用必读.url
城通网盘URL批量解析器 v1.2.exe
.exe windows:4 windows x86 arch:x86

1c372311534116eeffdf56f3f6c69c5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
ExitProcess
GetProcAddress

user32

wsprintfA
MessageBoxA

Sections

.text
Size: 460KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 96KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 43KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 385KB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.psgl
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
绿色先锋下载.url
.url