439b5600763db7027419ddb9f687746c_JaffaCakes118

General

Target

439b5600763db7027419ddb9f687746c_JaffaCakes118
Size

407KB
MD5

439b5600763db7027419ddb9f687746c
SHA1

279c02776750dfe80bb20fb5456e80d12a343eae
SHA256

b2af3a35ce29d50823fe7bbc6e802ab009361eeee3a982b0d1a38b74737c6e20
SHA512

c8aaca4315d74d66a595072fd8cb90954d6e21ded0bf6860de8f3c4d98e2543b3cccbd471d58c7fd3b2a535b90ad0622f556af159b020205d5cae3e7974031dc
SSDEEP

1536:kh/Vwtu7O1JDrhHZceVQupn1czbQPLvLb03brlvFm1:W/VAWeVfp1c3uv2l9i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
439b5600763db7027419ddb9f687746c_JaffaCakes118

Files

439b5600763db7027419ddb9f687746c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

13fe794cce3e762a8a34cfdfe3cbc3ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\computer\D\project\驾考宝典\PC客户端\项目源码\Release\买车网.pdb

Imports

kernel32

GetCommandLineW
GetTickCount64
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
DecodePointer

shell32

CommandLineToArgvW
ShellExecuteW

msvcr110

_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
_crt_debugger_hook
exit
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
__crtUnhandledException

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13fe794cce3e762a8a34cfdfe3cbc3ac

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

msvcr110

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 896B

.rsrc Size: 399KB - Virtual size: 399KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 896B

.rsrc
Size: 399KB - Virtual size: 399KB

.reloc
Size: 2KB - Virtual size: 1KB