423b21cf4411fc43b7ffde67c63cc415_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

423b21cf4411fc43b7ffde67c63cc415_JaffaCakes118
Size

105KB
MD5

423b21cf4411fc43b7ffde67c63cc415
SHA1

ec148bc740751a619defcc0bdbc745f985773e15
SHA256

a8fac6283fb326d0c1bb727c1a9b0e2c36c252f1fc6d4d50acd4479af146e390
SHA512

0abb7b8d4cf46b2a96cfb6077203b4cdce63fa0295b67365de8e1d94003706478e20a20404ea1e00b96ae003b7e3237b9b4de93f57706c4d52d6bc394b96a138
SSDEEP

3072:Uf7OpWFT08l50JLoTXxhW3IgfBWCi/dTykfyiHjzP:OAWFT8eghkz/d9aiHjr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/魔兽改键快手/魔兽改键快手.exe

Files

423b21cf4411fc43b7ffde67c63cc415_JaffaCakes118
.rar
飘荡精品软件.url
.url
魔兽改键快手/setting.ini
魔兽改键快手/魔兽改键快手.exe
.exe windows:4 windows x86 arch:x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 96KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE