b4888b133603d6559d005e30e82a7a3b_JaffaCakes118 | Triage

Sharing

General

Target

b4888b133603d6559d005e30e82a7a3b_JaffaCakes118
Size

2.5MB
MD5

b4888b133603d6559d005e30e82a7a3b
SHA1

90426bc0b046db985d86c4f0c8e898ca49b80304
SHA256

5a52290b0d6b1ab7292bac416bd9b59a9c231194821afdb79b27f7eb9246cae0
SHA512

8e4212708305ae88f8067df7bfe3020c56f2c6e7bdf78ed41af2ab5a0c48618077466035269692908df6c70b839ce04232d978019b759dfd35e56083e3feced3
SSDEEP

49152:s5sJvD73tTJeu4NJn1nMviNwAQQzkWiDS4TB3lWulYLPtoXhkf7SXzR/W8:XtNeu4XWiNwqzkWiZlWuiOXXXzR/d

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winxp.exe

Files

b4888b133603d6559d005e30e82a7a3b_JaffaCakes118
.rar
winxp.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.nsp0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp1
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nsp2
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
新云软件.url
.url
软件简介.txt