4c6cf788b67698479ef78d8dc38c6939_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4c6cf788b67698479ef78d8dc38c6939_JaffaCakes118
Size

387KB
MD5

4c6cf788b67698479ef78d8dc38c6939
SHA1

68aeb0b26500037af903bcaf02f32336559667de
SHA256

5d69c00060645a7af4dee781f780fb50bb9a414fb75d1309770e2909a50c1ff9
SHA512

58fc23b8927a483bcab05aa676757b6ecf1afd30f09d121737208fca7b86370e7aa4fd6e6ffd50a0c6a5c3b1601b004d7614c21e3959d1f106e1a7d817deb0d6
SSDEEP

12288:1uyrr+1R7fa5GUh+gplOxl/Dj50D/6aMdJLdq:ULb0Zh+OlMlu/6aMdLq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/090611zhuliugan/HiNiע1.0/HiNiע1.0.exe

Files

4c6cf788b67698479ef78d8dc38c6939_JaffaCakes118
.zip
090611zhuliugan/HiNiע1.0/ʹð˵.txt
090611zhuliugan/HiNiע1.0/˵.htm
.html
090611zhuliugan/HiNiע1.0/ڰ.url
090611zhuliugan/HiNiע1.0/HiNiע1.0.exe
.exe windows:0 windows x86 arch:x86

dae2264e721d7c66f7fa35e864d11aba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryA

Sections

.Kaos2
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Kaos12
Size: 380KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

upx
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE