8b7c3cedf8d7e877280970750f733a3f_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8b7c3cedf8d7e877280970750f733a3f_JaffaCakes118
Size

299KB
MD5

8b7c3cedf8d7e877280970750f733a3f
SHA1

ae94a4573af8ed25cc1a3028ba7f5d97d306de1b
SHA256

dcb7d7da707f7a9ac9c5bad83327118852e40f4a98bb3164bba82beaf87a4cad
SHA512

ff273693e4788b81a7bbdba11ae6c97a5c02c0a0de4862aea004803ff790a7d2c5bdccc405e63ccead27e9a13156302710be0c679e0cd3e29f64b24070317909
SSDEEP

6144:Xcbjf0CK+mWs/dB7aPfwrLTz0z7DxOK5kSVRaR3Nrva6i:XSJKDWuBmgH8fDcKGS/y9rC6i

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/EstGod1.21/灵者扩展名助手.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EstGod1.21/灵者扩展名助手.exe

Files

8b7c3cedf8d7e877280970750f733a3f_JaffaCakes118
.rar
EstGod1.21/灵者扩展名助手.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 223KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EstGod1.21/灵者扩展名查询.edb