d05eb0be32a9e952f20f3f8588b3012c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d05eb0be32a9e952f20f3f8588b3012c_JaffaCakes118
Size

299KB
MD5

d05eb0be32a9e952f20f3f8588b3012c
SHA1

3fb8b1982529cfea34c034901e6f844d69e8cc35
SHA256

887ff0035169d61d2677a60c97ab9aa29bd1416662062f5c69c97236c612d588
SHA512

56c1e399dcc1b83b6ac2c84bb4e59ccdabacb1da630c7d3306866760a7c3cf2dcebdee8065cecdd78c11d6d77e4a8eea6cf487df1943ec1589be1e93ae48121f
SSDEEP

6144:lcb8f0CK+mWs/dB7aPfwrLTz0z7DxOK5kSVRaR3NrvEkdVD:lSQKDWuBmgH8fDcKGS/y9rMiD

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

resource	yara_rule
static1/unpack001/灵者扩展名助手.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/灵者扩展名助手.exe

Files

d05eb0be32a9e952f20f3f8588b3012c_JaffaCakes118
.rar
新云软件.url
.url
灵者扩展名助手.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 223KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 17KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
灵者扩展名查询.edb