04d96092dbe828ae67829d4a05ec939e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04d96092dbe828ae67829d4a05ec939e_JaffaCakes118
Size

1.3MB
MD5

04d96092dbe828ae67829d4a05ec939e
SHA1

10f51e62e7f92e1785b27c05d98d1b079e98e791
SHA256

7e08e3d227394d2a576e843c535ad4b3d9ff3023ceab141b85f0253a5b3cee37
SHA512

14ee2703622a11481787a8259ab2898ab91efe2b303cf6d262947229dbee38d739f5c2a2541e3913754618760a97c075c4e40ca1b4df225a45ef0b14fdbe7000
SSDEEP

24576:d9MA/Yw4Fw4vLlZ5gG3mNNguRpwUYlUJQVfoOXxKlN:nMiX4OSLVlG2CpwUYl3Xxs

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/coolime/CoolIME.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/coolime/CoolIME.exe

Files

04d96092dbe828ae67829d4a05ec939e_JaffaCakes118
.rar
coolime/CoolIME.CBM
coolime/CoolIME.INI
coolime/CoolIME.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 94KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
coolime/Dicts/HePY/BD.MB
coolime/Dicts/HePY/BiHua.MB
coolime/Dicts/HePY/BianMa.ZI
.vbs
coolime/Dicts/HePY/HePY.INI
coolime/Dicts/HePY/HePY.MB1
.vbs
coolime/Dicts/HePY/HePY.MB2
coolime/Dicts/HePY/QJ.MB
coolime/Dicts/HePY/QuanMa.ZI
coolime/Dicts/HePY/User.MB1
coolime/Dicts/HePY/User.MB2
.ps1
coolime/Dicts/HePY/ZNBD.MB
coolime/Dicts/HePY/hejp.bmp
coolime/FM.CBM
coolime/KeyBoards/Default.INI
coolime/KeyBoards/Default.bmp
coolime/KeyBoards/IpaPan.TTF
coolime/KeyBoards/PC键盘.KB
coolime/KeyBoards/俄文字母.KB
coolime/KeyBoards/全角字符.KB
coolime/KeyBoards/制表符.KB
coolime/KeyBoards/单位符号.KB
coolime/KeyBoards/希腊字母.KB
coolime/KeyBoards/拼音.KB
coolime/KeyBoards/数字序号.KB
coolime/KeyBoards/数学符号.KB
coolime/KeyBoards/日文平假名.KB
coolime/KeyBoards/日文片假名.KB
coolime/KeyBoards/标点符号.KB
coolime/KeyBoards/注音符号.KB
coolime/KeyBoards/特殊符号.KB
coolime/KeyBoards/空白键盘模板.TXT
coolime/KeyBoards/符号提示.KB
coolime/KeyBoards/英文音标.INI
coolime/KeyBoards/英文音标.KB
coolime/KeyBoards/金融键盘.KB
coolime/Skins/Default.INI
coolime/Skins/HEoff.ico
coolime/Skins/HEon.ico
coolime/Sound/ChongMa.wav
coolime/Sound/KongMa.wav
coolime/Sound/backspace.wav
coolime/Sound/bell.wav
coolime/Sound/enter.wav
coolime/Sound/letter.wav
coolime/Sound/space.wav
coolime/小鹤双拼简介.txt
coolime/小鹤双拼编码规则.txt
coolime/新云软件.url
.url
coolime/符号功能帮助.txt
coolime/酷极手册.chm
.chm
coolime/鹤形之笔画部件图.GIF
.gif

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 94KB - Virtual size: 232KB

.rdata Size: 5KB - Virtual size: 16KB

.data Size: 7KB - Virtual size: 200KB

.rsrc Size: 85KB - Virtual size: 424KB

.aspack Size: 9KB - Virtual size: 12KB

.adata Size: - Virtual size: 4KB

.text
Size: 94KB - Virtual size: 232KB

.rdata
Size: 5KB - Virtual size: 16KB

.data
Size: 7KB - Virtual size: 200KB

.rsrc
Size: 85KB - Virtual size: 424KB

.aspack
Size: 9KB - Virtual size: 12KB

.adata
Size: - Virtual size: 4KB