2fa802edde7ac877a7ad767ab130bf94_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2fa802edde7ac877a7ad767ab130bf94_JaffaCakes118
Size

333KB
MD5

2fa802edde7ac877a7ad767ab130bf94
SHA1

86c47b16792fb2a0ecb5b4c4c816981514e7575c
SHA256

b26354ad47fbbb931263e533d6e3b855426ce9fe8609dc1ebb468dddae6534a4
SHA512

5d16cb70e3e601bbcfc1accae5739e34d33ca0fc7f9a8ac6ff069ec600ec4d246f6719cfe3fd0240a7d994f487cbf28be65a7840ceabb5097ff6a7afeb67dd9f
SSDEEP

6144:md+5ncQDp7Ms8yncOCehBpCS6gi0jAkhmq8B/Keuzn8ECrNAr8:H5nz8FOCehBpCSWC38FKlr8D

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/Rome Win.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Rome Win.exe

Files

2fa802edde7ac877a7ad767ab130bf94_JaffaCakes118
.zip
Rome Win.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 252KB - Virtual size: 568KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
־.txt
ʽ.txt