35df33e8a092a4fc878ce6e8e0160f43_JaffaCakes118 | Triage

Sharing

General

Target

35df33e8a092a4fc878ce6e8e0160f43_JaffaCakes118
Size

412KB
MD5

35df33e8a092a4fc878ce6e8e0160f43
SHA1

0f0fb74fdbb2cb58c5a97152e32bb5681923ec9e
SHA256

d2d7ede1a05b8b98147decb99f22a294ee700b493fae55277216d6f94b95b01c
SHA512

8fb32b063de616d5847f89f709c22ac994e5b88d159d7e1dbcf53fa6bfd6e56f2af2e1075c8fa2288ac76953bc74e7fb1feec35440e465f7605323f94dc085cf
SSDEEP

12288:wyvUpH+SELVVty7uokluF/3DVjcwiNwPl:wvH+SEwioLfDCZKl

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/3D语音开奖.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3D语音开奖.exe

Files

35df33e8a092a4fc878ce6e8e0160f43_JaffaCakes118
.rar
3D语音开奖.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 276KB - Virtual size: 648KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 63KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 164KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url