ab5882eb27a54015098e4c3c595ec0f1_JaffaCakes118 | Triage

Sharing

General

Target

ab5882eb27a54015098e4c3c595ec0f1_JaffaCakes118
Size

3.4MB
MD5

ab5882eb27a54015098e4c3c595ec0f1
SHA1

b5f0e456354a48d72a4479754a20cc28544d711a
SHA256

5678456f8ad1751eaa10f1cc42b05d97f898612079e9469b279201e275a0ad0a
SHA512

b5b779a0744228d9699dc672b1864a47b5d4a9de4b728c55dc60b3ea2e8ba55f065e73e489b8d749e9841c0d9ac9306315722dd801ad50dca19d0a5945a52961
SSDEEP

98304:Zip/xsOzyvuV3MCLlfKToE0vukXCs9q/YtA:ZipxQvanYTi7XA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ssq500wan/setup.exe

Files

ab5882eb27a54015098e4c3c595ec0f1_JaffaCakes118
.rar
ssq500wan/setup.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ssq500wan/sobar.bmp
ssq500wan/新云软件.url
.url