5be6cf69ce83eb041972f7df91be9111_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5be6cf69ce83eb041972f7df91be9111_JaffaCakes118
Size

1.1MB
MD5

5be6cf69ce83eb041972f7df91be9111
SHA1

ae78c9ed4d52e7a5246b3ecda59c8d4406f141b8
SHA256

bec78aa622e1b3256b66c557639efa3e3a358d6103bd7b71c8f6210a65e1621f
SHA512

7ae12484664622227fe4d7d31c5571afc75fcd68f0e557c28f338d2eb96ea18a6a77c2bc06067af26198f97d7899e2ee9722d29d1e3f21c6bfecf50219f123d6
SSDEEP

24576:IN1Vq7y0fZGmqAtr59PAgi3OvrHNnDODHbJ0MDzl2RZuK0S/r+3LK:IXVEy0x1tr5hi+zpK7bJ0G2F0SsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yuguanftq/月光/gzip.dll

Files

5be6cf69ce83eb041972f7df91be9111_JaffaCakes118
.rar
yuguanftq/更多软件下载.url
yuguanftq/月光/gzip.dll
.dll windows:5 windows x86 arch:x86

63bc622ddbb364868c646ebb5f982ffe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gzip.pdb

Imports

kernel32

LocalFree
LocalAlloc
DisableThreadLibraryCalls
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

Compress
CreateCompression
CreateDecompression
DeInitCompression
DeInitDecompression
Decompress
DestroyCompression
DestroyDecompression
InitCompression
InitDecompression
ResetCompression
ResetDecompression

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ