a5ae44042a3b3b1e3e8b03d4edca95c9_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a5ae44042a3b3b1e3e8b03d4edca95c9_JaffaCakes118
Size

415KB
MD5

a5ae44042a3b3b1e3e8b03d4edca95c9
SHA1

c2ed1ab261eaf830bdf8238056055e03961d8121
SHA256

73661a90dddd05df781f07965f931090d10257e5c9da857fc5e12ac5fd9f31d7
SHA512

8a896e714f8ab231994ba28ff31e5ca563ad6b2adc1fd939f284dc613ece99120f8ff9e697a7c3e7772ca4b42a96aea7e19255f763c0acf744a520f7c035486e
SSDEEP

6144:CisuYW32FiiD0lYsfNI+3glzHxGg4ABc65D6L4SAmedqEDGhy+bo6n9uzx:CiDYHFpD0CsfN3ghxGxScANrAbVnq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3dxq.exe

Files

a5ae44042a3b3b1e3e8b03d4edca95c9_JaffaCakes118
.rar
3dxq.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 915KB - Virtual size: 914KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 39B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
下载说明.htm
.html .js polyglot