34643cae9c4af9bc71d7ce5cb0091fa1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

34643cae9c4af9bc71d7ce5cb0091fa1_JaffaCakes118
Size

197KB
MD5

34643cae9c4af9bc71d7ce5cb0091fa1
SHA1

e1ec82188b05d2a7faed7406f735b58a563d513d
SHA256

cb19478a12986a5194162fb00316f699f0927be3fd0b235bed975410026ebc59
SHA512

895373000e9e73ce44298312df31ca01d69856a5541e03352b3af172b8cb8b00c5df9a129186d0866dea5dd03b65398ba1250daa5ab2997fc0c14dbad3357fa6
SSDEEP

6144:oSN8XNfeoHVL2epD57vIBFHc9Y801kmZh20+ubPNPg:P8XN1VqeVhOFHgY80GmXXbPNo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yuguanftq/月光/gzip.dll

Files

34643cae9c4af9bc71d7ce5cb0091fa1_JaffaCakes118
.rar
yuguanftq/更多软件下载.url
yuguanftq/月光/gzip.dll
.dll windows:5 windows x86 arch:x86

63bc622ddbb364868c646ebb5f982ffe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gzip.pdb

Imports

kernel32

LocalFree
LocalAlloc
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

Compress
CreateCompression
CreateDecompression
DeInitCompression
DeInitDecompression
Decompress
DestroyCompression
DestroyDecompression
InitCompression
InitDecompression
ResetCompression
ResetDecompression

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ