768badc280495d77763921ae8bf81ed6_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

768badc280495d77763921ae8bf81ed6_JaffaCakes118
Size

380KB
MD5

768badc280495d77763921ae8bf81ed6
SHA1

25a15100f7257b1922e978bc310e22bfe675414d
SHA256

9f40f0f8d5675456759f09ad8e86a8532c0dede4ad5c0e82a324bcfae1d6a761
SHA512

021977b035bd5391e3f5699b5e65a0f24f2d262d154c1eb4d5bf71eb89d4ad967bd4e84558f6530b04a22e45098929f6c60f0ebf3f80ee6516d809fe43a1b721
SSDEEP

6144:KSz+RDSNzjpcP+x0X1ExtQYRoE+BnLq/hJbGsibU6/NOOLQgDWLx5XHG+dc+/bLA:KSeWWVq4YRELqpJbv6UuNHkTXmwcUbLA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ImageCut_3.8.513_gb/ImageCut.exe

Files

768badc280495d77763921ae8bf81ed6_JaffaCakes118
.rar
ImageCut_3.8.513_gb/ImageCut.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 361KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ImageCut_3.8.513_gb/ImageCut.ver
ImageCut_3.8.513_gb/Q&A.txt
ImageCut_3.8.513_gb/Readme.txt
ImageCut_3.8.513_gb/Update.txt
ImageCut_3.8.513_gb/新云软件.url
.url