2fceb0e8f454104770f6c0cd11ab0c87_JaffaCakes118 | Triage

Sharing

General

Target

2fceb0e8f454104770f6c0cd11ab0c87_JaffaCakes118
Size

955KB
MD5

2fceb0e8f454104770f6c0cd11ab0c87
SHA1

2d96673a1bdfb27e8a846ca6f0b817cbcfe04350
SHA256

f4825ba1ba96215e6c3cb300e1ffa940003f7e5b99769db87b9cf6b320da3efd
SHA512

dd44dea18a64a661cf75433a5189aaf09ef2f6da33b5437482d3d9d4f46391a6d72329f6854974fdc21d7a187a73a7641a036bd4b689ff0a9a2727c330266d70
SSDEEP

24576:6PCzdl8t9q0vU20tEquGQwHVzA8CeTZCBW21PdgVgUysL21:66Lq7GQEAdeEddgVgU1a

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/易账通/易账通.exe

Files

2fceb0e8f454104770f6c0cd11ab0c87_JaffaCakes118
.rar
易账通/列表示例.lbs
易账通/易账通.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\账本\易账通源文件\记账预算\obj\Release\记账预算.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 756KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 4KB - Virtual size: 123B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
易账通/易账通使用帮助.JPG
.jpg
易账通/易账通说明.txt
易账通/账单示例.dbm