0ef2300ad6e6bb46c9ce6ea2ce60e978_JaffaCakes118

General

Target

0ef2300ad6e6bb46c9ce6ea2ce60e978_JaffaCakes118
Size

266KB
MD5

0ef2300ad6e6bb46c9ce6ea2ce60e978
SHA1

5adf1ea3eba8cd1e1e1bc783423beee021c4bcf3
SHA256

ee1c552d9b7ba036248248ea65d05dd3aa4d4703be3a5f6f79f55fa665007af1
SHA512

ae7fe9a6b14be19ce663a4d3e67f7dab2a7fd5e6f7c8fc2406bb2ec38a055554198e1b0daf8d16e993d3e2ecad191c7a9a6d7533eb80a1ec4ef882d69369760d
SSDEEP

6144:sOSxZGnUik3NCEE++i1PAyesw+9MO9hFgrqAoT/DclawI:pSLGVkNMWPAyesP9MOPyeAkDclzI

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/植物大战僵尸辅助程序V1.3/植物大战僵尸辅助程序V1.3.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/植物大战僵尸辅助程序V1.3/植物大战僵尸辅助程序V1.3.exe

Files

0ef2300ad6e6bb46c9ce6ea2ce60e978_JaffaCakes118
.rar
植物大战僵尸辅助程序V1.3/使用方法.txt
植物大战僵尸辅助程序V1.3/新云软件.url
.url
植物大战僵尸辅助程序V1.3/植物大战僵尸辅助程序V1.3.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 170KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 66KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 71KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 170KB - Virtual size: 416KB

DATA Size: 3KB - Virtual size: 8KB

BSS Size: - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 32KB

.rsrc Size: 66KB - Virtual size: 252KB

.aspack Size: 71KB - Virtual size: 72KB

.adata Size: - Virtual size: 4KB

CODE
Size: 170KB - Virtual size: 416KB

DATA
Size: 3KB - Virtual size: 8KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 32KB

.rsrc
Size: 66KB - Virtual size: 252KB

.aspack
Size: 71KB - Virtual size: 72KB

.adata
Size: - Virtual size: 4KB