7b987a7c6eb3ca908557e69a8fe932b2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7b987a7c6eb3ca908557e69a8fe932b2_JaffaCakes118
Size

476KB
MD5

7b987a7c6eb3ca908557e69a8fe932b2
SHA1

5d609f66f58f426ca2514fcbc711426c01bb5ea9
SHA256

2b3c375ed60bd9522bfbc8ba96a287f7b289133d77c23d0a23e40065e9a23504
SHA512

9f8b289c3cc99ef6c6d14068762e649c7ca9cf17c61594c3cd4bf40051fda76ec3ea47335eb48e5bc5608367446452e8ee3293f0450e1be095fc80f157b61b7a
SSDEEP

12288:FautzFMJYHKiwAW3WjrqyFba4kaI/xF+LbMzFtXL2Zyg8q:oszRQ3W9b39qX+Abg9r

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/小熙网络加速器.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/小熙网络加速器.exe

Files

7b987a7c6eb3ca908557e69a8fe932b2_JaffaCakes118
.rar
小熙网络加速器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 275KB - Virtual size: 672KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 167KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
更多软件下载.url
飘荡软件.url
.url