01a5bd69fad546b004c0343364756949_JaffaCakes118

General

Target

01a5bd69fad546b004c0343364756949_JaffaCakes118
Size

514KB
MD5

01a5bd69fad546b004c0343364756949
SHA1

1e45ad044c203bc513c857ca4bdafb4a96bace27
SHA256

ea548aa8158b60687cedb7dc7a758d9a46cff92710c4905d1799a04caac3c243
SHA512

fdfb9f6cd4ef5f4a1ce621f9558f00a5677dbdebecea5fd160ccf550b2235227dbad5e962e01012d8a3f71591d433a0753db3470711c3dbb6eabae0185f1b856
SSDEEP

12288:PME/LjdLm0wU3Q1RZMA/Sm/ztsv/Ti+RJYR7FwDA35I6ZI8:kyLjdv3QbTSm/zOnmfFwDAm+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/游戏人-QQ农牧场辅助.exe

Files

01a5bd69fad546b004c0343364756949_JaffaCakes118
.rar
新云软件.url
.url
游戏人-QQ农牧场辅助.exe
.exe windows:4 windows x86 arch:x86

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

3
Size: 48KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 1.0MB - Virtual size: 1.0MB

1 Size: 4KB - Virtual size: 16KB

2 Size: 12KB - Virtual size: 10KB

3 Size: 48KB - Virtual size: 71KB

4 Size: 4KB - Virtual size: 3KB

5 Size: 8KB - Virtual size: 28KB

0
Size: 1.0MB - Virtual size: 1.0MB

1
Size: 4KB - Virtual size: 16KB

2
Size: 12KB - Virtual size: 10KB

3
Size: 48KB - Virtual size: 71KB

4
Size: 4KB - Virtual size: 3KB

5
Size: 8KB - Virtual size: 28KB