a7b05911bd3df56b8db52b3d30e824d0_JaffaCakes118

General

Target

a7b05911bd3df56b8db52b3d30e824d0_JaffaCakes118
Size

1.5MB
MD5

a7b05911bd3df56b8db52b3d30e824d0
SHA1

a08daf934446e4572c4a5dee1571f53c6c34ce23
SHA256

8153e11fc438ad66d427bacf5e068eac52f0c430f02aeb4ed9fe6c8f33875b95
SHA512

89c22b575f2bb48e469a8972bdfb8cefef5e5d9c7159e8fa61686f31b100fc081febc42d1fc10d09a8d14bfb4c2bd7ab7ca8c3f524e869f982a5277978f250e0
SSDEEP

24576:GyCbThpDhtjBREmrDzmlTGn855yKFZKMrFdjgnwYCBOGrCCP/YI50UvG//:GyC75+UzmlC8iKFsMrFNPN7nYI5zO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/soft tool/风逍遥软件管理工具.exe

Files

a7b05911bd3df56b8db52b3d30e824d0_JaffaCakes118
.rar
soft tool/新云软件.url
.url
soft tool/风逍遥软件管理工具.exe
.exe windows:4 windows x86 arch:x86

de6185b8cdae1e84cb8f9add0b5f8afc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

lstrcatA
InitializeCriticalSection
GetProcAddress
LocalFree
RaiseException
LocalAlloc
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
ResumeThread
WriteProcessMemory
GetPrivateProfileSectionA
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

user32

DefWindowProcA
AdjustWindowRectEx

Sections

0
Size: 512B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

1
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2
Size: 229KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

4
Size: 45KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6
Size: 7KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

de6185b8cdae1e84cb8f9add0b5f8afc

Headers

File Characteristics

Imports

kernel32

user32

Sections

0 Size: 512B - Virtual size: 556B

1 Size: 512B - Virtual size: 404B

2 Size: 229KB - Virtual size: 570KB

3 Size: 4KB - Virtual size: 4KB

4 Size: 45KB - Virtual size: 70KB

5 Size: 3KB - Virtual size: 3KB

6 Size: 7KB - Virtual size: 28KB

0
Size: 512B - Virtual size: 556B

1
Size: 512B - Virtual size: 404B

2
Size: 229KB - Virtual size: 570KB

3
Size: 4KB - Virtual size: 4KB

4
Size: 45KB - Virtual size: 70KB

5
Size: 3KB - Virtual size: 3KB

6
Size: 7KB - Virtual size: 28KB