923b0f3c0d4bb97d6347ed8d68a6dff3_JaffaCakes118 | Triage

Sharing

General

Target

923b0f3c0d4bb97d6347ed8d68a6dff3_JaffaCakes118
Size

1.8MB
MD5

923b0f3c0d4bb97d6347ed8d68a6dff3
SHA1

fb9c4018786887c763dae6acd53013a7b04e180f
SHA256

e83185f68e73391473758f3b700d39bcf5f008bf370840a0f85f9fefe81108a4
SHA512

8af7cd54b2e29f7987ba7ebf4c51dd16dc0c9ca5d1a0b2de3c961c0fa7245212c959c0928062e958f1a721992548a61712c534101057106cc6cc5b893434a9fa
SSDEEP

49152:fGmejc/YE1+QQFPRHC5cSiCHjqZoIeUcj47UILUWpD:OmejcQEMHFP8+cHjqbr735D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqzhuanfa_gr/qqzhuanfa.rar/QQ消息转发机.exe

Files

923b0f3c0d4bb97d6347ed8d68a6dff3_JaffaCakes118
.zip
qqzhuanfa_gr/qqzhuanfa.rar/QQ消息转发机.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 236KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 1.4MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
qqzhuanfa_gr/qqzhuanfa.rar/qq80016630.ini
qqzhuanfa_gr/qqzhuanfa.rar/使用说明.txt
qqzhuanfa_gr/qqzhuanfa.rar/多对多转发.jpg
.jpg
qqzhuanfa_gr/东坡下载说明.txt
qqzhuanfa_gr/更多软件下载.url