4c5e207b25cda85cdeddde15474b8cc5_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c5e207b25cda85cdeddde15474b8cc5_JaffaCakes118
Size

466KB
MD5

4c5e207b25cda85cdeddde15474b8cc5
SHA1

0868e989eed605834933eaf6eccc10b6bea770db
SHA256

d165bca28dc3082d077b477b21fdc575f16e5f9f975eb152a149eb6636b19876
SHA512

87cce9e9adf185c73eaa156eac332ff44074a32cab0d667afa3f0ddaaeb07fa2b7e6bc58eebafdd4ac91457a21c923a33ee52e73fa3e3c2f3bcfd62787c0fbc3
SSDEEP

12288:KCWyJlbWc48j7Xxom8xCFU7sSThFV8Nm7wtiAnfDe9:KC5XbWKX40Ugwwmr+k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqdalaba/QQdalaba.exe

Files

4c5e207b25cda85cdeddde15474b8cc5_JaffaCakes118
.rar
qqdalaba/QQdalaba.exe
.exe windows:5 windows x86 arch:x86

4710e694cbc904bbde58b1960e1a3f6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetTickCount
GetModuleFileNameW
SetEnvironmentVariableW
GetCurrentProcessId
OpenFileMappingW
GetLastError
MapViewOfFile
CloseHandle
CreateFileW
CreateFileMappingW
UnmapViewOfFile
GetFileInformationByHandle
VirtualAlloc
VirtualFree
GetModuleHandleA
GetFileSizeEx
GetProcAddress
LoadLibraryW

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xcpad
Size: - Virtual size: 352KB

.idata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqdalaba/安装说明.txt