42c80582ce2b25495acfb78fd5bc62de_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

42c80582ce2b25495acfb78fd5bc62de_JaffaCakes118
Size

2.2MB
MD5

42c80582ce2b25495acfb78fd5bc62de
SHA1

7a69868b4c4c8cf3ce5e31438a61d7e006e1b0f0
SHA256

cc62452cfdac3d69bcfe25b60a9f40d23c10602cfd7a031d874c99724cafd336
SHA512

c6c03b062a94da1378061de28c91e17214565aea2bc99c56ee5068a7b7e0630043811b352694eb73f90de803ad1842edac43fc48ceee9fa4945a03840700557e
SSDEEP

49152:26Ya+jiZhoqPQ0fPEDO3ldOh6a4lNsq5kcpCVEf2KogjZr:2Pfj8uF0fsEldOhtq5k1pgjZr

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/Guardio.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Guardio.exe

Files

42c80582ce2b25495acfb78fd5bc62de_JaffaCakes118
.rar
Guardio.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 987KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 508KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Guard!
Size: 207KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ProcessDB.dat
Wry.dat
全能优化用户手册.chm
.chm
安装说明.url
.url