ec21260ae4b3b8993854310956a81c14_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ec21260ae4b3b8993854310956a81c14_JaffaCakes118
Size

179KB
MD5

ec21260ae4b3b8993854310956a81c14
SHA1

b7fc71896afd5b90020298314a71604c528b876c
SHA256

39ce1e129fdffc747eabc3c4dd1fbb8e6e78d25fbdecffcc3d1d090d94fabbee
SHA512

69a1f1ba9c512d4c2c1a41d15dbd1bc3430939b54042d8272a89b37d4b01c3a28ec45b3b6dd398408f0bd288ecf3795c244d7a81b41164af9659e1e9ef46380c
SSDEEP

3072:VKv2+lLyfa9S36p6pD0x53vEH+zREm25WZpluMQp/AFSjxl8/8wb0oRrbTvp618L:YRL0ac46pox53v6en25WZDur/rs/8hoX

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/w4rhook7/w4rhook7/w4r hook v7.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/w4rhook7/w4rhook7/w4r hook v7.dll	upx
static1/unpack001/w4rhook7/w4rhook7/w4r hook v7.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/w4rhook7/w4rhook7/w4r hook v7.dll
unpack001/w4rhook7/w4rhook7/w4r hook v7.exe
unpack003/out.upx

Files

ec21260ae4b3b8993854310956a81c14_JaffaCakes118
.rar
w4rhook7/w4rhook7/-cRyStaL-oWnAge-.cfg
w4rhook7/w4rhook7/GoreInverse.cfg
w4rhook7/w4rhook7/ProdigyInverse.cfg
w4rhook7/w4rhook7/SplattInverse.cfg
w4rhook7/w4rhook7/afk.cfg
w4rhook7/w4rhook7/main.cfg
w4rhook7/w4rhook7/menu.txt
w4rhook7/w4rhook7/refresh.cfg
w4rhook7/w4rhook7/w4r hook v7.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreateInterface

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
w4rhook7/w4rhook7/w4r hook v7.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 42KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 416KB

UPX1 Size: 141KB - Virtual size: 144KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 42KB - Virtual size: 44KB

.data Size: 10KB - Virtual size: 12KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 416KB

UPX1
Size: 141KB - Virtual size: 144KB

UPX2
Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 42KB - Virtual size: 44KB

.data
Size: 10KB - Virtual size: 12KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB