8d3457c6d57751e43970cc6fedd50aa9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8d3457c6d57751e43970cc6fedd50aa9_JaffaCakes118
Size

2.7MB
MD5

8d3457c6d57751e43970cc6fedd50aa9
SHA1

07e3879f39d5e098cda8c69b176da35798ea019c
SHA256

0f3a930f0bf1c369d2ec685e1122f0440a6580ccf6435b8afd68be883eca1c42
SHA512

d3a028cacb853e1140b8b539b8640563be41d6c53a853477dd7f368e025ff5c3e1d8218b1e8151e9d6fe58ef8ef6620e1d91a1a3088e6583d075868ee12536d6
SSDEEP

49152:HZbKaXAt2I5uRuNd+YxAUEjnQjKSzX3ZmI9jw5jDSDw3PKmnHOK:HZbK2At95AuNsJQjKeXpD9jw5jDSUfVX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/《穿越火线》幽灵辅助器.exe

Files

8d3457c6d57751e43970cc6fedd50aa9_JaffaCakes118
.rar
CF.dll
《穿越火线》幽灵辅助器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 84KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: 1.3MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url
说明.txt