84f0a11383385442c71e9e945e68a0e3_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

84f0a11383385442c71e9e945e68a0e3_JaffaCakes118
Size

1.6MB
MD5

84f0a11383385442c71e9e945e68a0e3
SHA1

6e354d5a5fe431d752a9011ae144bb80a3677e94
SHA256

c1da4e2c63883971025f938b360e80b17cd858bc159fbb5948d93e2cf22c0586
SHA512

4df2152542f56f9f2b0426eb4578cbd0508354a3c4fb289e0a2343c13f79867d4ad1e2c29e3a1ed7bb01d5916e8421b0c00917231ab3f1de32e876541964a203
SSDEEP

49152:Io/w+/z+DCrykMVCLWObjJEkn49locoYtINhyJzriwFm5bk:Io/w+/VykMCnJE649lozYtIKJ3iwFm54

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ha-winace261-snear.exe

Files

84f0a11383385442c71e9e945e68a0e3_JaffaCakes118
.rar
ha-winace261-snear.exe
.exe windows:1 windows x86 arch:x86

d9b42d0cf0f2c5121c5845b5afbb7c23

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

advapi32

RegSetValueExA

gdi32

SetTextColor

ole32

CoCreateInstance

oleaut32

VariantChangeTypeEx

shell32

SHGetSpecialFolderLocation

user32

WaitForInputIdle

Sections

A
Size: 68KB - Virtual size: 388KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
下载说明.htm
.html .js polyglot
汉化说明.txt