Static task
static1
Behavioral task
behavioral1
Sample
新云软件.url
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
新云软件.url
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
畅销进销存.exe
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
畅销进销存.exe
Resource
win10v2004-20240709-en
General
-
Target
401df728d3e860005220d491c4a0d175_JaffaCakes118
-
Size
1.2MB
-
MD5
401df728d3e860005220d491c4a0d175
-
SHA1
8711e49009ff7d496f43bf63c0e0a44b77fb04b2
-
SHA256
be2df34ed182a32aa154cc1b88297c060b55f32e37a8e3d60b204d239b2c7174
-
SHA512
e1eb81b51da3447e6248d7a99a5c8fca4f6ab67ea8ade3093aff5dc2f4a0ee8478386c04a78f0f6c946eb480db912f58ca858d6df3c7acc2fd49a5b019a27f96
-
SSDEEP
24576:o4CBvo8lJl4cGChKrhKtA3WbSHLvsRRWbslynRc1OHiTFRDDDoNftgCZjaa:lCJo8lYZCcWbSHLvsRRWbsULHiTFxYlJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/畅销进销存.exe
Files
-
401df728d3e860005220d491c4a0d175_JaffaCakes118.rar
-
data.mdb
-
新云软件.url.url
-
畅销进销存.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 49KB - Virtual size: 49KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 8KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 24B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 128KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ