4ed98e711453f0b9b8b8627b90163575_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4ed98e711453f0b9b8b8627b90163575_JaffaCakes118
Size

10.1MB
MD5

4ed98e711453f0b9b8b8627b90163575
SHA1

61879472843f5617e905e02f0c2ed5a325367ca4
SHA256

3984ac519a5178e93ada3a7974506af98d0865beeca657f7cb58a7879bddfeb8
SHA512

9a625282f21e0a6047f846a89922cdca64a13181c0fbe30806426b8f68109fce91c95060a56882d72966a65a95935d3d37a4c24d68b3b0a593318fbfc15e9806
SSDEEP

196608:tVWtKsMc8GDg4naXmPFF7ayNn0FR4xMqC/lGx2PO5/ut1B7vhYQyit3wIgv:GKsOl4Mmr7ao/08kmx4tpnxI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/一键GHOST光盘版/袖珍龙汉字系统补丁.exe

Files

4ed98e711453f0b9b8b8627b90163575_JaffaCakes118
.rar
一键GHOST光盘版/HELP.CHM
.chm
一键GHOST光盘版/readme.txt
一键GHOST光盘版/一键GHOST光盘版.iso
.iso
[BOOT]/Boot-NoEmul.img
ezboot/GHOSTC.IMG
ezboot/cdmenu.ezb
ezboot/ezldr
一键GHOST光盘版/袖珍龙汉字系统补丁.exe
.exe windows:5 windows x86 arch:x86

dc73a9bd8de0fd640549c85ac4089b87

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
ExitProcess
FindResourceA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetTempPathA
LoadLibraryA
LoadResource
RtlMoveMemory
SizeofResource
VirtualAlloc
lstrcatA
CloseHandle
CreateFileA
FlushFileBuffers
WriteFile

Sections

.text
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ