64d3025b4325aca743140841bfbb2cfb_JaffaCakes118 | Triage

Sharing

General

Target

64d3025b4325aca743140841bfbb2cfb_JaffaCakes118
Size

1.5MB
MD5

64d3025b4325aca743140841bfbb2cfb
SHA1

0924a51290f7cde340433a3860404b869769978c
SHA256

e500759fd1f6cd6a2b8d7c1bc31821484138bf8780e0c7c7f29146668b9469d1
SHA512

dcc8eea8989fb6de8122827cbad3b4feb63da108753912c9be3ee289a1bafa82566c94e3554f682ee34e66669516936ef6c9201cd7a840bf8d64a396fa8b35a0
SSDEEP

24576:mXZwRkZ51IxEf9KJ8F8gWlMpEbYOXZm2gmCAduWQwzuAcDy7Lif3CpIIHe:m6CZ51IxECxyCmI7duf2uAKpfypIP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/海盗新浪邮箱注册机/海盗新浪邮箱注册机.exe

Files

64d3025b4325aca743140841bfbb2cfb_JaffaCakes118
.rar
海盗新浪邮箱注册机/截图.jpg
.jpg
海盗新浪邮箱注册机/海盗新浪邮箱注册机.exe
.exe windows:5 windows x86 arch:x86

ca6dc25c3b9219581f9b6f25a6c5fe7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32 rasapi32

WideCharToMultiByte Q3&

Sections

.text
Size: 472KB - Virtual size: 1000KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxxx
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

xxxx
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
海盗新浪邮箱注册机/软件说明.txt