49bab02cd66d9ab0ef155ef0e8fc197c_JaffaCakes118 | Triage

Sharing

General

Target

49bab02cd66d9ab0ef155ef0e8fc197c_JaffaCakes118
Size

2.6MB
MD5

49bab02cd66d9ab0ef155ef0e8fc197c
SHA1

a8fc528c39b5b664ac8130ae385be4cce9090925
SHA256

b64b1c65114b9625feeac19981a6eb1327e422f2e228bb61fb1c104a21bc4d42
SHA512

e4910189cbc6aa177c49da092f74d8852a16d11b344e5fa4158f389fb11199685dee5dbc8cbcfb2e1b2a0d7b28f5d47d42cdcb75a6a93f18942daf58a025659c
SSDEEP

49152:SfgqWlWNf6C3CfvC7S427Vhk5x/RMFxMxoe5kwTFHxBtq8MH2e+8819a9bmVtt+:SfgHlW19SfUSjJduaeuwTFHxBtq8M7+w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/工程量计算稿 V1.5/工程量计算稿 V1.5/setup.exe

Files

49bab02cd66d9ab0ef155ef0e8fc197c_JaffaCakes118
.rar
土木工程网- 土木工程师的家园.url
.url
工程量计算稿 V1.5/工程量计算稿 V1.5/setup.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
帮助说明.txt