33e9c5b915b7830dc9157da7332d9f55_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

33e9c5b915b7830dc9157da7332d9f55_JaffaCakes118
Size

1.1MB
MD5

33e9c5b915b7830dc9157da7332d9f55
SHA1

e57c3a8e49b756f4cd6ca4219aa339251683ef5c
SHA256

a3544e95b4d37f87d5ccf03d027d2bf527c019ca33419983355d7ed83730addd
SHA512

4486e852bb35ca4b6e09dc21ffe0d3912a0f6773d07caf47187c9ad8db178ec684eae3b7cf9f6d8ca84488a7848af14c4d67d269b9e302d1b597a1d67cc18ecd
SSDEEP

24576:qq32W07vZAmnjR+ZrX5eYZEM5QyTSo2vH4wEnmYnpHMVdg:qq3shXwZEM5QS+knm8sTg

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/c9特种兵/c9.exe
unpack001/c9特种兵/hook.dat

Files

33e9c5b915b7830dc9157da7332d9f55_JaffaCakes118
.zip
c9特种兵/c9.exe
.exe windows:5 windows x86 arch:x86

3b28b22fe253d22c8c3ac87bd73586ca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

wsock32 kernel32

send ��

Sections

CODE
Size: 324KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 774KB - Virtual size: 776KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
c9特种兵/config.ini
c9特种兵/hook.dat
.dll windows:5 windows x86 arch:x86

ca9d26f2016839416a58dfc0bcd9586a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32 user32

MultiByteToWideChar ��

Exports

Exports

Pro1

Sections

.text
Size: 6KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 414KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

SE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.url
.url
下载王www.xzking.com.url
.url

Sharing

General

Malware Config

Signatures

Files

3b28b22fe253d22c8c3ac87bd73586ca

Headers

File Characteristics

Imports

wsock32 kernel32

Sections

CODE Size: 324KB - Virtual size: 680KB

SE Size: 774KB - Virtual size: 776KB

SE Size: 20KB - Virtual size: 20KB

SE Size: 5KB - Virtual size: 8KB

SE Size: 4KB - Virtual size: 4KB

ca9d26f2016839416a58dfc0bcd9586a

Headers

File Characteristics

Imports

kernel32 user32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 24KB

SE Size: 414KB - Virtual size: 416KB

SE Size: 13KB - Virtual size: 16KB

SE Size: 3KB - Virtual size: 4KB

SE Size: 4KB - Virtual size: 4KB

CODE
Size: 324KB - Virtual size: 680KB

SE
Size: 774KB - Virtual size: 776KB

SE
Size: 20KB - Virtual size: 20KB

SE
Size: 5KB - Virtual size: 8KB

SE
Size: 4KB - Virtual size: 4KB

.text
Size: 6KB - Virtual size: 24KB

SE
Size: 414KB - Virtual size: 416KB

SE
Size: 13KB - Virtual size: 16KB

SE
Size: 3KB - Virtual size: 4KB

SE
Size: 4KB - Virtual size: 4KB