2723e63102ea124987747d5782e08b73_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2723e63102ea124987747d5782e08b73_JaffaCakes118
Size

487KB
MD5

2723e63102ea124987747d5782e08b73
SHA1

8c9a76d07280da086a79e180c3b04a0c49c90d4c
SHA256

ebba8421f4ef303d3ff286fdfbae5774cc5787f864791a1780a0e71d55511621
SHA512

f4fdd619d2c6ff4c3fec5083a8ca70697cb0e7158dd30e155702d337787896775b1cde7265e807d14a59d7a7539bbe7cf61c52c819c9f963e5300fc982d70470
SSDEEP

12288:2g78RRGOd1gmO3zMapHiWeSvnpcZIDkRtgHOCCM48pZgbufLYs/:2RtXgjiWeulo/gbX1pMuEs/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cdaff.gif
unpack001/ebc.gif

Files

2723e63102ea124987747d5782e08b73_JaffaCakes118
.rar
1.dll
2.dll
cdaff.gif
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetNewInf
GetNewSock

Sections

Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 370KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ebc.gif
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Compress
GetNewInf
MGetMD5

Sections

Size: - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 53KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
lang/vip.ini
lang/新云软件.url
.url
nyfc.JPG
.jpg
说明.txt