3c8d13ea8959b4556aa995d67422b059_JaffaCakes118 | Triage

Sharing

General

Target

3c8d13ea8959b4556aa995d67422b059_JaffaCakes118
Size

11.6MB
MD5

3c8d13ea8959b4556aa995d67422b059
SHA1

f3191b36f7c19cf46d55c17e8e7e16a72701684e
SHA256

23a683e3a09e0dbe0fbc72928a60328257eebce18eb1a15bc041b22afe012afc
SHA512

4d92be3831c6e43ce42212fabf06f196e3f6205f949a29590e278477f1542333173f5876d7214533e7a51800c4849a5d6b4c5f33e63ad62b7a0989c8f79cf1fc
SSDEEP

196608:Hv7b1HZ4MHl2EVaiDoLDkfpxohwCpU7UOTfuqW8bwdJ+1lWNPkIO9kBfT:zb1HZLcepwUBfZwJ+18MIO9gfT

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/e/E海系统维护工具.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/e/E海系统维护工具.exe

Files

3c8d13ea8959b4556aa995d67422b059_JaffaCakes118
.rar
e/E海系统维护工具.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 206KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11.4MB - Virtual size: 19.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE