14ce0e1f45dfbe5fb1217a49c4442f4b_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

14ce0e1f45dfbe5fb1217a49c4442f4b_JaffaCakes118
Size

550KB
MD5

14ce0e1f45dfbe5fb1217a49c4442f4b
SHA1

4a89e71720100267375fd545b2a77734da5e3c59
SHA256

44b4ce5df6480ce600298612f996175bb3e33704bb9c150cf550100ab4122f91
SHA512

614a3796eba4bc1fa902a243e86d68e894b67aecde9e2b47d2358d1aeb6bfd7a437ccfa630230782644b13f5a8c3f3fa10761a79cd3477fab1bcd7a8c6d8c305
SSDEEP

12288:T+V6vkofZ1XVeQcNpcELI9a+wO1wQemsvQpKnybP8KxEyjNo:T+VurB1XeNyD9aAvsZElm0No

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/图标易换器.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/图标易换器.exe

Files

14ce0e1f45dfbe5fb1217a49c4442f4b_JaffaCakes118
.rar
下载说明.htm
.html .js polyglot
图标易换器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ecode
Size: 31KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE