Behavioral task
behavioral1
Sample
新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
新云软件.url
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
百度图片批量下载器.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
百度图片批量下载器.exe
Resource
win10v2004-20240508-en
General
-
Target
2503bb8b2f20994197343c5463e4a08b_JaffaCakes118
-
Size
2.1MB
-
MD5
2503bb8b2f20994197343c5463e4a08b
-
SHA1
ab121dff2b601be81ff22d2d75fcfb8bf95219c8
-
SHA256
af5323e845ae3acfb37a96f4ea6c2e87b5f580245a2d0a6fdbb25775b4ad61b8
-
SHA512
c721d9355ec6298f28bebe98652abf870dc9349f64df3c79a93e9b8cd0d512e1da03bf5f26a4e71e23203bcb40aefee9e47ee4634b446b62354bce34c12585bd
-
SSDEEP
49152:ldanr9QCtcmI21Iqt2Me0vxXgVJ2f+X2F0kxzv8NVayQ:HSpQCTPqh2vxwVAkJkxzv8NVayQ
Malware Config
Signatures
-
resource yara_rule static1/unpack001/百度图片批量下载器.exe aspack_v212_v242 -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/百度图片批量下载器.exe
Files
-
2503bb8b2f20994197343c5463e4a08b_JaffaCakes118.rar
-
新云软件.url.url
-
百度图片批量下载器.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 297KB - Virtual size: 1.1MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 1.8MB - Virtual size: 4.5MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 19KB - Virtual size: 224KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.aspack Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.adata Size: - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE