abd48c85efbe5300ed5b2fcbb635a29d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

abd48c85efbe5300ed5b2fcbb635a29d_JaffaCakes118
Size

802KB
MD5

abd48c85efbe5300ed5b2fcbb635a29d
SHA1

c38662ddcc5dc5799a034bf09f33678b9473315d
SHA256

43f44c5542e4dfe709e1f834acc364777bb34a37230138e3ab9abd7306362884
SHA512

a264a01d77335085a7bcbafa508a30124383dc5897edb3d84160e3091a7941fc685376f110ea0c125616f21c419c4e6e63327808304c38c270507e692e827407
SSDEEP

24576:db+mJznCB+K8Yee0GsncO5QJRPBm99/yo13:B1lCt83eIct88oh

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/9235922867/JQDY.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/9235922867/JQDY.exe

Files

abd48c85efbe5300ed5b2fcbb635a29d_JaffaCakes118
.rar
9235922867/DataConnect.ini
9235922867/Frmbqymsjck.dcu
9235922867/Frmbqymsjck.ddp
9235922867/Frmbqymsjck.dfm
9235922867/Frmbqymsjck.pas
.js
9235922867/Frmjqdyck.dcu
9235922867/Frmjqdyck.ddp
9235922867/Frmjqdyck.dfm
9235922867/Frmjqdyck.pas
.js
9235922867/JQDY.cfg
9235922867/JQDY.dof
9235922867/JQDY.dpr
9235922867/JQDY.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 676KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 19KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
9235922867/JQDY.res
9235922867/LABEL.DB
9235922867/Spxx.DB
9235922867/close1.bat
9235922867/下载说明.htm
.html .js polyglot
9235922867/标签模板/DataMax_Label.DB
9235922867/标签模板/DataMax_Label.ini
9235922867/标签模板/入库单.DB
9235922867/标签模板/入库单.ini
9235922867/标签模板/好日子标签.DB
9235922867/标签模板/好日子标签.ini
9235922867/标签模板/打印条码.DB
9235922867/标签模板/打印条码.ini
9235922867/标签模板/标签模板1.DB
9235922867/标签模板/标签模板1.ini
9235922867/标签模板/标签模板2.DB
9235922867/标签模板/标签模板2.ini
9235922867/标签模板/标签模板3.DB
9235922867/标签模板/标签模板3.ini
9235922867/说明.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 676KB - Virtual size: 1.9MB

DATA Size: 19KB - Virtual size: 64KB

BSS Size: - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 132KB

.rsrc Size: 75KB - Virtual size: 408KB

.aspack Size: 6KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

CODE
Size: 676KB - Virtual size: 1.9MB

DATA
Size: 19KB - Virtual size: 64KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 132KB

.rsrc
Size: 75KB - Virtual size: 408KB

.aspack
Size: 6KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB