36d4adf2beea286a57209568b7d80d13_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

36d4adf2beea286a57209568b7d80d13_JaffaCakes118
Size

86KB
MD5

36d4adf2beea286a57209568b7d80d13
SHA1

dce473548b9728c65d97b4da43f9e75ae8948ac4
SHA256

f2be9269f40999cb9915fef48604ff386fc9e434216ea7c36c343922db6d7ebb
SHA512

0d45dee9be8de566f9dc369414a0b7d37603743732156cf98fce13151a9956526c0694a4124c8e2f84b183a44f327866fdcce77cf95cb846947eee85938e02f9
SSDEEP

1536:+O0vpHk6aFfqGFOJ+mSj9mU+zTwhOMBVypql5KsGfYtDLhznd8/WgKlkWAVRC+:+OSxk60S0g+mSj9mUsMny4l5KsUYtDPy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows 7 登录背景设置器.exe

Files

36d4adf2beea286a57209568b7d80d13_JaffaCakes118
.rar
155绿色软件站.url
.url
Windows 7 登录背景设置器.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\我的原创VB软件\Windows 7\Microsoft .NET Framework 3.5\Windows 7 登录背景设置器\Windows 7 登录背景设置器\obj\x86\Debug\Windows 7 登录背景设置器.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 229B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ