489be6b456aeb73243635e0a909f0091_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

489be6b456aeb73243635e0a909f0091_JaffaCakes118
Size

857KB
MD5

489be6b456aeb73243635e0a909f0091
SHA1

933a38cdedde834258555955606d15f34dd1c18f
SHA256

941299dfcb7d1c45a5878912b059ff4dfee4d60598828b1506c70933318fc248
SHA512

c97b13d4e1f18a41821d6630a4f4a63d9dce31fa976016d7686cad6132687b4ff74f34dcfb15f65affd8c9487abe77667a2d5f9ad38b10a61d52b141c4f91792
SSDEEP

24576:QUw38dpWGXmTtGwITsJEJ+GEFxV8RHGpvhyb:pwMdcGWTHAJrEF6OvE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/小说阅读器/小说阅读器.exe

Files

489be6b456aeb73243635e0a909f0091_JaffaCakes118
.rar
小说阅读器/小说阅读器.exe
.exe windows:4 windows x86 arch:x86

a6811772d5952f7c09cdcde6a7fb1731

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

winmm

waveOutOpen

ws2_32

inet_ntoa

rasapi32

RasHangUpA

user32

GetDC

gdi32

LineTo

msimg32

AlphaBlend

winspool.drv

ClosePrinter

comdlg32

PrintDlgA

advapi32

RegCloseKey

shell32

DragFinish

ole32

OleRun

oleaut32

VarDateFromStr

comctl32

ord17

oledlg

ord8

wininet

InternetOpenA

Sections

.MPRESS1
Size: 836KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
小说阅读器/新云软件.url
.url