499d5a138c10a0beebdd2f195e3db8b5_JaffaCakes118 | Triage

Sharing

General

Target

499d5a138c10a0beebdd2f195e3db8b5_JaffaCakes118
Size

3.7MB
MD5

499d5a138c10a0beebdd2f195e3db8b5
SHA1

36541cd8d7b8d47896ca12572948f3ddfa79a599
SHA256

06ee882412f3cc161315129e024c400d14458763a6d30dcda04e94bb3e4d354c
SHA512

f522ba18eff681aa178e171927c9f48aa806217924b6ea5db9eb080a06de48a59ae9e55cc3d81cb647dd04b19736d898de704f12c91bffad8508e4cf2767d263
SSDEEP

98304:03UT8dkXrIp7Sr0+PQ/hQZMw01d9KpVNpiu:0u8dXmo+Pe62wi8pLpr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/在天合击.exe

Files

499d5a138c10a0beebdd2f195e3db8b5_JaffaCakes118
.rar
在天合击.exe
.exe windows:4 windows x86 arch:x86

f1906944dae4647cb7340a6deb7b359d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

winmm

midiStreamOut

ws2_32

socket

rasapi32

RasHangUpA

user32

DestroyAcceleratorTable

gdi32

LineTo

winspool.drv

OpenPrinterA

advapi32

RegQueryValueExA

shell32

SHGetMalloc

ole32

OleRun

oleaut32

VariantInit

comctl32

ord17

wininet

InternetCanonicalizeUrlA

comdlg32

ChooseColorA

Sections

.text
Size: 1.9MB - Virtual size: 6.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.710e
Size: 3KB - Virtual size: 3KB
装备过滤.txt
飞龙在天攻略.txt