423a5b472fb2d7942a0473d754434fc6_JaffaCakes118

General

Target

423a5b472fb2d7942a0473d754434fc6_JaffaCakes118
Size

2.3MB
MD5

423a5b472fb2d7942a0473d754434fc6
SHA1

ae265c09c5f8a024914273150a438e8f2c2daa0a
SHA256

1ef85ace7f48e49f48951553241ef640768ceeb9de78ab1996c03f54ccfbfb68
SHA512

44770a8dda6c881fc5fe19d6844440615907a8734ca1fe05cd232e4a55e6229523150258c2222ffe45fbf65b8e8fdc8971e54e4e5f19a09f162ba7aebde70078
SSDEEP

49152:dOVHMPicyttDMD3Evtm/ZAhC7eghh2/igE5VhqZ4UMWm:kCPhytW0lDhCiguagE/EZ47

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/按键模拟大师.exe

Files

423a5b472fb2d7942a0473d754434fc6_JaffaCakes118
.rar
按键模拟大师.exe
.exe windows:4 windows x86 arch:x86

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 540KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1
Size: 1.7MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

2
Size: 36KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

4
Size: 48KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 8KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url
脚本存档.txt

Sharing

General

Malware Config

Signatures

Files

73ec795c6c369c6ce2c3b4c3f6477daa

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 540KB - Virtual size: 1.1MB

1 Size: 1.7MB - Virtual size: 2.5MB

2 Size: 36KB - Virtual size: 538KB

3 Size: 120KB - Virtual size: 118KB

4 Size: 48KB - Virtual size: 71KB

5 Size: 4KB - Virtual size: 3KB

6 Size: 8KB - Virtual size: 28KB

0
Size: 540KB - Virtual size: 1.1MB

1
Size: 1.7MB - Virtual size: 2.5MB

2
Size: 36KB - Virtual size: 538KB

3
Size: 120KB - Virtual size: 118KB

4
Size: 48KB - Virtual size: 71KB

5
Size: 4KB - Virtual size: 3KB

6
Size: 8KB - Virtual size: 28KB