0d8abe9a13e8848e17577bcb1cb8ab42_JaffaCakes118 | Triage

Sharing

General

Target

0d8abe9a13e8848e17577bcb1cb8ab42_JaffaCakes118
Size

1.4MB
MD5

0d8abe9a13e8848e17577bcb1cb8ab42
SHA1

c65697df02337be3c0095b1e9f14155b13f3164c
SHA256

bba0312276f09fb184387498c2a1216e9fd24f3bc99c861c8fc446ea3ae16c1b
SHA512

72c38f36ea4903c5d70f705a25f63eb5450978b08146736c73750e39c4602b051cefaf538cb48246bbf4e9b69e543696cf16d986f4970370417fab873e32fbdb
SSDEEP

24576:5VtO4x/NGPjx0ruf5ANwtxcoQ9YRS2ddU6JH7qj6JuRxuzwF:5zBx/6jeafysQ9S5Ij60vuzm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SponZor.exe

Files

0d8abe9a13e8848e17577bcb1cb8ab42_JaffaCakes118
.7z
SponZor.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

CODE
Size: 1.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
使用说明.txt