0ab89f522420f9273dc4b0669f6c414e_JaffaCakes118

General

Target

0ab89f522420f9273dc4b0669f6c414e_JaffaCakes118
Size

402KB
MD5

0ab89f522420f9273dc4b0669f6c414e
SHA1

93f38f82f1836b78cf16a60543d7d9d43f93cd4c
SHA256

f4a374c5e3eac36d4e8b5d5b35f8e7f07144452bc3db84c7adb405820f556772
SHA512

04aab349b83b5b8046cad860180eeacf55f1fbf12d3aea370d999d1edd61e51e84d124b1e9ef9372ef193cd8770b15f52647f9c115cda025bc020666bc2a9cae
SSDEEP

12288:nhHs9Exvud/jgobSneBY57isf8ubruxu2Wp:nhHs9y+/jgOSee575nn8u2Wp

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/kelongqi_6.5_lhdown/Qzonekelong/Qzonekelong.exe	aspack_v212_v242

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/kelongqi_6.5_lhdown/Qzonekelong/Qzonekelong.exe

Files

0ab89f522420f9273dc4b0669f6c414e_JaffaCakes118
.rar
kelongqi_6.5_lhdown/Qzonekelong/Qzonekelong.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 288KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
kelongqi_6.5_lhdown/Qzonekelong/下载站下载说明.htm
.html .js polyglot
kelongqi_6.5_lhdown/Qzonekelong/使用方法.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 288KB - Virtual size: 728KB

DATA Size: 4KB - Virtual size: 12KB

BSS Size: - Virtual size: 8KB

.idata Size: 3KB - Virtual size: 12KB

.tls Size: - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.reloc Size: - Virtual size: 52KB

.rsrc Size: 81KB - Virtual size: 284KB

.aspack Size: 105KB - Virtual size: 108KB

.adata Size: - Virtual size: 4KB

CODE
Size: 288KB - Virtual size: 728KB

DATA
Size: 4KB - Virtual size: 12KB

BSS
Size: - Virtual size: 8KB

.idata
Size: 3KB - Virtual size: 12KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.reloc
Size: - Virtual size: 52KB

.rsrc
Size: 81KB - Virtual size: 284KB

.aspack
Size: 105KB - Virtual size: 108KB

.adata
Size: - Virtual size: 4KB