Static task: static1
Behavioral task: behavioral1 (Sample: 1001下载乐园.url, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: 1001下载乐园.url, Resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (Sample: TCPOptimizer.exe, Resource: win7-20240903-en)
Behavioral task: behavioral4 (Sample: TCPOptimizer.exe, Resource: win10v2004-20241007-en)
General
Target: 2e102c5f1e99290feefa5c82a7af965e_JaffaCakes118
Size: 209KB
MD5: 2e102c5f1e99290feefa5c82a7af965e
SHA1: 54de509904f3416df29c17ab8b1f3eaba452e04b
SHA256: 4201ff0ac4a6b8e59a7ade99aafc4dfd29261a7ba3dd84e928c3024a9cf94068
SHA512: 7586d15e63e3dc04dc353736374f6a49fc8fd6ad3890b921e043036a08391dd5359c014bd27ea0ae83b1370ca7396bd3d16ccf74109cff4bd5d6b8a1c5459c4c
SSDEEP: 6144:6+1Ox6Lp+JVjwjhbg4wFEX4HyXIwpYlNg5TsYxcJf5:5wjuySjFxD2B
Malware Config
Signatures
- Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/TCPOptimizer.exe
Files
- 2e102c5f1e99290feefa5c82a7af965e_JaffaCakes118.rar
- 1001下载乐园.url.url
- Readme.htm.html .js polyglot
- TCPOptimizer.exe.exe windows:4 windows x86 arch:x86
b8111320f794d9e62a7ffe5d84bed59a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
VirtualFree
VirtualAlloc
Sections
hmimys Size: - Virtual size: 728KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hmimys Size: 211KB - Virtual size: 212KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hmimys Size: - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
- 使用说明.txt