d0ad9bc34cd2334b79f61e683999e790_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d0ad9bc34cd2334b79f61e683999e790_JaffaCakes118
Size

1.4MB
MD5

d0ad9bc34cd2334b79f61e683999e790
SHA1

abd705694c0e27dac73e12208154fc720de7e236
SHA256

be2abc30b40cd314fb8fe690049499774c7782b2da1043360f6163b23f7c655f
SHA512

120705f6445b5c2e75f46069f1bae04ebc93f3e62aebe3d7a1f349158459e97ffc9973edce4af4e3dfce3b4fea1023b198a6f79a6a5a76728e851237f1e12579
SSDEEP

24576:ANKZDpZHVzVYz1cGjFwQuF9P1FKKlgdZ2OnEOS/KxNk52tBgSlkDz2DgMy5m2USU:JZ31z6zaU9MNFHYZ2uEjwNeSNOQL/v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/火车票余票查询.exe

Files

d0ad9bc34cd2334b79f61e683999e790_JaffaCakes118
.rar
新云软件.url
.url
火车票余票查询.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 471KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 664KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

WinLicen
Size: 977KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
软件说明.txt