2ff78aca48fabd43d45e5925160b9444_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ff78aca48fabd43d45e5925160b9444_JaffaCakes118
Size

191KB
MD5

2ff78aca48fabd43d45e5925160b9444
SHA1

a4262624696673c082dc03be710197a6ece4f647
SHA256

d9a033137c43db0623ba06d0fe906fc400f8d65abfd9641bd5cba79879336c60
SHA512

ede4517c24af86ee592ccd1d53769e01805e2e87762850942690a0fa63a123719d43efe6265359a909864065aec9fbe66662add28cdf8816ccd675cd6c658d71
SSDEEP

3072:ajovrmkrm861YsQNiaGmdP292i/0cOQyohEF8WE+husiy2qQC7vG09VBB0o0W0:aCakqAsQfly2mFyoh4E+ssiE77xPBBh0

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OfficeIns/OfficeIns.exe
unpack001/OfficeIns/soft2cn．com汉化说明.exe

Files

2ff78aca48fabd43d45e5925160b9444_JaffaCakes118
.rar
OfficeIns/OfficeIns.JPG
.jpg
OfficeIns/OfficeIns.chm
.chm
OfficeIns/OfficeIns.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

heatray0
Size: - Virtual size: 144KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray1
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

heatray2
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
OfficeIns/OfficeIns_lng.ini
OfficeIns/soft2cn．com汉化说明.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

HH_By_Soft2CN
Reserverd
fzh_s2c
refreshDesktop

Sections

CODE
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OfficeIns/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

heatray0 Size: - Virtual size: 144KB

heatray1 Size: 41KB - Virtual size: 44KB

heatray2 Size: - Virtual size: 6KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 128KB - Virtual size: 127KB

DATA Size: 2KB - Virtual size: 1KB

BSS Size: - Virtual size: 1KB

.idata Size: 5KB - Virtual size: 5KB

.edata Size: 1KB - Virtual size: 1KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 8KB - Virtual size: 7KB

.rsrc Size: 20KB - Virtual size: 19KB

heatray0
Size: - Virtual size: 144KB

heatray1
Size: 41KB - Virtual size: 44KB

heatray2
Size: - Virtual size: 6KB

CODE
Size: 128KB - Virtual size: 127KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 5KB - Virtual size: 5KB

.edata
Size: 1KB - Virtual size: 1KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 20KB - Virtual size: 19KB