3bfc131dd770e3836b5ee7dc07ffc5e8_JaffaCakes118

General

Target

3bfc131dd770e3836b5ee7dc07ffc5e8_JaffaCakes118
Size

2.1MB
MD5

3bfc131dd770e3836b5ee7dc07ffc5e8
SHA1

cae10dec8cb56428a01bd5d7f640ea78d1e59aa4
SHA256

c7891b137c1d756d3106504703bf38b5710d56145ce7f8f7b6709ad8ffc3ce12
SHA512

61b4eaf115049981e869f9f36f926282dd6c388dbf9eeffe19f992fbc3cec5eee8b4a3793e8e9d0b6d4ee6f0d3eb059fc4e809f7f1dc54dec561c0d897ccb7b6
SSDEEP

49152:dwvNZvxI5hv6fq/qTbxLvJU7O7KVH4vrUAwuZMfQOqHCxJ+Vv:gCbaZbaa7KSlwuWux

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DVT/PATCH.EXE
unpack001/ImageAssistantSetup.exe

Files

3bfc131dd770e3836b5ee7dc07ffc5e8_JaffaCakes118
.rar
DVT/PATCH.EXE
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 66KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ImageAssistantSetup.exe
.exe windows:4 windows x86 arch:x86

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
VirtualFree
lstrcpyA
ExitProcess
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
lstrlenA
VirtualAlloc
ReadFile
CreateFileA
GetModuleFileNameA
GetLastError
CreateMutexA

user32

SetCursor
LoadCursorA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

Size: - Virtual size: 168KB

Size: 66KB - Virtual size: 68KB

678986d7fe8eb1ebce8a0b924f59474d

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 512B - Virtual size: 32B

.data Size: 512B - Virtual size: 9KB

.idata Size: 1024B - Virtual size: 574B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 896B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 512B - Virtual size: 32B

.data
Size: 512B - Virtual size: 9KB

.idata
Size: 1024B - Virtual size: 574B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 896B