0df95b3d8d634b822a898c37d3d7b059_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0df95b3d8d634b822a898c37d3d7b059_JaffaCakes118
Size

380KB
MD5

0df95b3d8d634b822a898c37d3d7b059
SHA1

444c5275722e7ab14a69d3e0d550c9bb16efefa9
SHA256

b3fb5731f79cd2a75ca141629906c776af2d7a4ae4ce6efc86d6ea2ec6472f2e
SHA512

bbaf06e7598eeec919a8c544f747ca8bc007b302d461369cd98c34682b3d833daf80ef500646bc474a2fc90a23ef5a428120d32e2dfe5a7a57e10828872df9ac
SSDEEP

6144:pgAiD9JNAAfT2wns1WUtXek2NB9TKlqGuWtiFDERwPOsVptrYF0xJQTV2RS9kEhQ:6Aw6AtsEUtXQ5UkWEpcwPO6XYF8JciEa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/机关公文助手v3.4完美注册机.exe

Files

0df95b3d8d634b822a898c37d3d7b059_JaffaCakes118
.rar
下载说明.htm
.html
使用说明.txt
机关公文助手v3.4完美注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
飘down精品软件.url
.url