44cfa591f83f16e8c32f4497949f5936_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

44cfa591f83f16e8c32f4497949f5936_JaffaCakes118
Size

8.8MB
MD5

44cfa591f83f16e8c32f4497949f5936
SHA1

2d638d02423fed2d827fd1602f4caa3bb2ddd0a7
SHA256

9cfd6530c67a87ba83c2e54550e19273fa6538cd6a4bb4ae3b4cc7e551586f3b
SHA512

ea2b7d7bf018f820f62671f1faa6f97328a2cc30dc522b7380c6de6b1e267c85be5a944c1f442018a4d339fab5720723208dbfb4b2ea681e4da5b9eeda9cc45c
SSDEEP

196608:ypPIK0FFtsKgD/byEzp92QjMg+Wh5f4mm166w2akTnh1FsY7xSAKYC0M:ypP50FFtsKobyEzf7Mg+Wh5E+RoFsFAe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqwlds_veryhuo.com/ttversetup.exe

Files

44cfa591f83f16e8c32f4497949f5936_JaffaCakes118
.rar
qqwlds_veryhuo.com/ttversetup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqwlds_veryhuo.com/最火软件站.url
qqwlds_veryhuo.com/说明文档.txt