8babd50f92f0a6c0b416c5d4dbf770fb_JaffaCakes118 | Triage

Sharing

General

Target

8babd50f92f0a6c0b416c5d4dbf770fb_JaffaCakes118
Size

267KB
MD5

8babd50f92f0a6c0b416c5d4dbf770fb
SHA1

cd427013cbb65c937152e848a406de92dfa94d03
SHA256

27b8f37fafab43bcd42073d069e3707bd1ecc82c22e55de5bb3e3c03ad628f39
SHA512

63311f5c161a55cdeb1cdb87fe83723127384d5dd0e2aeba1034a2312ed83a724c2891d18f0dbabc3aa7894e494c3f48d9f82a55790e64bf041ff30612e55568
SSDEEP

6144:pgAiD9JNAAfT2wns1WUtXek2NB9TKlqGuWtiFDERwPOn:6Aw6AtsEUtXQ5UkWEpcwPOn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/机关公文助手v3.4完美注册机.exe

Files

8babd50f92f0a6c0b416c5d4dbf770fb_JaffaCakes118
.rar
下载说明.htm
.html
使用说明.txt
机关公文助手v3.4完美注册机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
飘down精品软件.url
.url