8d23eb19cb329026631d92bcdea0d6d1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d23eb19cb329026631d92bcdea0d6d1_JaffaCakes118
Size

318KB
MD5

8d23eb19cb329026631d92bcdea0d6d1
SHA1

5591c98a6509796bd82d098c31f0dfcd725b8b23
SHA256

d33472a6f0539afb1e1afff90e73a8ccedfcab91c54470b14dbf6e7e63555ed7
SHA512

35c5df93a9af28301fefd2ab154bf87848566a1b0f141b7b806a11c15322a81d199ab53a36cc5b8c9bf7d8c0cc6d389fe6c00de5ed3c6a84713702ed6e046b25
SSDEEP

6144:kz8OizMY9pvA47t+Y4UEgeGifbVR6phF+agDXAbt/kfvokTdDNX:42rpvAtFGif767F+agrCt/k3oktNX

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/QQ空间小秘书.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ空间小秘书.exe

Files

8d23eb19cb329026631d92bcdea0d6d1_JaffaCakes118
.rar
QQ空间小秘书.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 153KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
sound/T_c.wav
sound/T_s.wav
sound/新云软件.url
.url
使用教程.txt
免责声明.txt
升级方法.txt
版本说明.txt