f99dd71b57a9ef72bf482bf45172e106_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f99dd71b57a9ef72bf482bf45172e106_JaffaCakes118
Size

283KB
MD5

f99dd71b57a9ef72bf482bf45172e106
SHA1

f2c056507c2cd9081045c5263ec1f22c2c9f6215
SHA256

e5e47f205c56171001baa3e744af55366a1558f63bc76f29799c182b64df3dbf
SHA512

7924002eec5b1a7c0b15b92d7af0b597ef1cfda3882715ae3c9ddf9827036d2db720ea774596ae5b53684a6cec82881e2faae1bafdeae075c574f834fefa5de4
SSDEEP

6144:nbBtMV/gxlfJk4dIg/3qdUBMUAPyVPEeZ4ViQBYT:VmgxlO47hBNsRPe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
f99dd71b57a9ef72bf482bf45172e106_JaffaCakes118
unpack001/out.upx

Files

f99dd71b57a9ef72bf482bf45172e106_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 556KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 267KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

@$xp$10Psock@PINT
@$xp$12Nmftp@TNMFTP
@$xp$12Nmudp@TNMUDP
@$xp$12Nmurl@TNMURL
@$xp$12Nmurl@TNMURL
@$xp$12Psock@PPChar
@$xp$12Psock@TNMReg
@$xp$14Nmftp@TCmdType
@$xp$14Nmhttp@CmdType
@$xp$14Nmhttp@TNMHTTP
@$xp$14Psock@PLongint
@$xp$14Psock@PWSAData
@$xp$15Nmudp@TOnStatus
@$xp$15Nmuue@UUMethods
@$xp$15Psock@PHostInfo
@$xp$15Psock@PPLongInt
@$xp$15Psock@THostInfo
@$xp$15Psock@TOnStatus
@$xp$16Nmftp@TFTPVMList
@$xp$16Nmudp@TOnReceive
@$xp$16Psock@ESockError
@$xp$16Psock@PTimeValue
@$xp$16Psock@TPowersock
@$xp$16Psock@TTimeValue
@$xp$17Nmftp@TFTPDOSList
@$xp$17Nmftp@TFTPMVSList
@$xp$17Nmftp@TFTPVMSList
@$xp$17Nmftp@TNMListItem
@$xp$17Psock@EAbortError
@$xp$17Psock@PServerInfo
@$xp$17Psock@PSocketList
@$xp$17Psock@TServerInfo
@$xp$17Psock@TSocketList
@$xp$18Nmftp@FTPException
@$xp$18Nmftp@TFTPUnixList
@$xp$18Nmhttp@THeaderInfo
@$xp$18Nmudp@TBuffInvalid
@$xp$18Nmudp@UDPSockError
@$xp$18Psock@TThreadTimer
@$xp$19Nmftp@TFTPAS400List
@$xp$19Nmftp@TFTPMACOSList
@$xp$19Nmftp@TFTPOTHERList
@$xp$19Nmftp@TFailureEvent
@$xp$19Nmftp@TFirewallType
@$xp$19Nmftp@TSuccessEvent
@$xp$19Nmhttp@TResultEvent
@$xp$19Nmudp@THandlerEvent
@$xp$19Nmudp@TOnErrorEvent
@$xp$19Nmurl@TOnErrorEvent
@$xp$19Nmurl@TOnErrorEvent
@$xp$19Psock@PProtocolInfo
@$xp$19Psock@THandlerEvent
@$xp$19Psock@TOnErrorEvent
@$xp$19Psock@TProtocolInfo
@$xp$19Psock@TSimpleThread
@$xp$19Psock@TThreadMethod
@$xp$20Nmhttp@HTTPException
@$xp$20Nmudp@TStreamInvalid
@$xp$20Nmuue@TNMUUProcessor
@$xp$20Psock@PSocketAddress
@$xp$20Psock@TSocketAddress
@$xp$20Urlparse@URLParse__1
@$xp$21Nmftp@TFTPNETWAREList
@$xp$21Psock@TOnHostResolved
@$xp$22Nmextstr@TExStringList
@$xp$22Nmextstr@TExStringList
@$xp$22Psock@TNMGeneralServer
@$xp$23Nmftp@TFTPDirectoryList
@$xp$23Nmftp@TUnsupportedEvent
@$xp$23Psock@PTNMGeneralServer
@$xp$26Nmfifobuffer@TNMFifoBuffer
@$xp$26Nmfilebuffer@TNMFileBuffer
@@Unit1@Finalize
@@Unit1@Initialize
@@Unit2@Finalize
@@Unit2@Initialize
@Nm64decode@B64Decode$qqrpx15Classes@TStreamrp15Classes@TStream
@Nm64decode@Finalization$qqrv
@Nm64decode@initialization$qqrv
@Nm64encode@B64Encode$qqrpx15Classes@TStreamt1
@Nm64encode@Finalization$qqrv
@Nm64encode@initialization$qqrv
@Nmconst@Finalization$qqrv
@Nmconst@initialization$qqrv
@Nmextstr@Finalization$qqrv
@Nmextstr@Finalization$qqrv
@Nmextstr@TExStringList@
@Nmextstr@TExStringList@
@Nmextstr@TExStringList@GetValue$qqrx17System@AnsiString
@Nmextstr@TExStringList@GetValue$qqrx17System@AnsiString
@Nmextstr@TExStringList@IndexOfName$qqrx17System@AnsiString
@Nmextstr@TExStringList@IndexOfName$qqrx17System@AnsiString
@Nmextstr@TExStringList@SetValue$qqrx17System@AnsiStringt1
@Nmextstr@TExStringList@SetValue$qqrx17System@AnsiStringt1
@Nmextstr@initialization$qqrv
@Nmextstr@initialization$qqrv
@Nmfifobuffer@Finalization$qqrv
@Nmfifobuffer@TNMFifoBuffer@
@Nmfifobuffer@TNMFifoBuffer@$bctr$qqrv
@Nmfifobuffer@TNMFifoBuffer@$bdtr$qqrv
@Nmfifobuffer@TNMFifoBuffer@Append$qqrpxvxi
@Nmfifobuffer@TNMFifoBuffer@Clear$qqrv
@Nmfifobuffer@TNMFifoBuffer@InitDiskBuffer$qqrv
@Nmfifobuffer@TNMFifoBuffer@LoadFromFile$qqrx17System@AnsiString
@Nmfifobuffer@TNMFifoBuffer@LoadFromStream$qqrp15Classes@TStream
@Nmfifobuffer@TNMFifoBuffer@Peek$qqrpvxi
@Nmfifobuffer@TNMFifoBuffer@Remove$qqrpvxi
@Nmfifobuffer@TNMFifoBuffer@Search$qqrpxv
@Nmfifobuffer@TNMFifoBuffer@_CalculateThreshold$qqrxd
@Nmfifobuffer@TNMFifoBuffer@_CreateTemporaryFileName$qqrv
@Nmfifobuffer@TNMFifoBuffer@_Init$qqrv
@Nmfifobuffer@TNMFifoBuffer@_SetMemoryBufferCapacity$qqrxi
@Nmfifobuffer@TNMFifoBuffer@_Shuffle$qqrpv
@Nmfifobuffer@initialization$qqrv
@Nmfilebuffer@Finalization$qqrv
@Nmfilebuffer@TNMFileBuffer@
@Nmfilebuffer@TNMFileBuffer@$bctr$qqrpx15Classes@TStream
@Nmfilebuffer@TNMFileBuffer@$bdtr$qqrv
@Nmfilebuffer@TNMFileBuffer@NextMemoryBuffer$qqrpxcxi
@Nmfilebuffer@initialization$qqrv
@Nmftp@FTPException@
@Nmftp@Finalization$qqrv
@Nmftp@Register$qqrv
@Nmftp@TFTPAS400List@
@Nmftp@TFTPAS400List@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPDOSList@
@Nmftp@TFTPDOSList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPDirectoryList@
@Nmftp@TFTPDirectoryList@$bctr$qqrv
@Nmftp@TFTPDirectoryList@$bdtr$qqrv
@Nmftp@TFTPDirectoryList@Clear$qqrv
@Nmftp@TFTPDirectoryList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPMACOSList@
@Nmftp@TFTPMACOSList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPMVSList@
@Nmftp@TFTPMVSList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPNETWAREList@
@Nmftp@TFTPNETWAREList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPOTHERList@
@Nmftp@TFTPOTHERList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPUnixList@
@Nmftp@TFTPUnixList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPVMList@
@Nmftp@TFTPVMList@ParseLine$qqr17System@AnsiString
@Nmftp@TFTPVMSList@
@Nmftp@TFTPVMSList@ParseLine$qqr17System@AnsiString
@Nmftp@TNMFTP@
@Nmftp@TNMFTP@$bctr$qqrp18Classes@TComponent
@Nmftp@TNMFTP@$bdtr$qqrv
@Nmftp@TNMFTP@Abort$qqrv
@Nmftp@TNMFTP@Allocate$qqri
@Nmftp@TNMFTP@ChangeDir$qqr17System@AnsiString
@Nmftp@TNMFTP@CheckRead$qqrp14System@TObject
@Nmftp@TNMFTP@Connect$qqrv
@Nmftp@TNMFTP@Delete$qqr17System@AnsiString
@Nmftp@TNMFTP@Disconnect$qqrv
@Nmftp@TNMFTP@DoCommand$qqr17System@AnsiString
@Nmftp@TNMFTP@Download$qqr17System@AnsiStringt1
@Nmftp@TNMFTP@DownloadRestore$qqr17System@AnsiStringt1
@Nmftp@TNMFTP@Flush$qqrv
@Nmftp@TNMFTP@GetBytesRcvd$qqrv
@Nmftp@TNMFTP@GetBytesSent$qqrv
@Nmftp@TNMFTP@GetBytesTotal$qqr17System@AnsiString
@Nmftp@TNMFTP@GetCurrentDir$qqrv
@Nmftp@TNMFTP@List$qqrv
@Nmftp@TNMFTP@MakeDirectory$qqr17System@AnsiString
@Nmftp@TNMFTP@Mode$qqri
@Nmftp@TNMFTP@Nlist$qqrv
@Nmftp@TNMFTP@ReadExtraLines$qqr17System@AnsiString
@Nmftp@TNMFTP@Reinitialize$qqrv
@Nmftp@TNMFTP@RemoveDir$qqr17System@AnsiString
@Nmftp@TNMFTP@Rename$qqr17System@AnsiStringt1
@Nmftp@TNMFTP@Transaction$qqrx17System@AnsiString
@Nmftp@TNMFTP@Upload$qqr17System@AnsiStringt1
@Nmftp@TNMFTP@UploadAppend$qqr17System@AnsiStringt1
@Nmftp@TNMFTP@UploadRestore$qqr17System@AnsiStringt1i
@Nmftp@TNMFTP@UploadUnique$qqr17System@AnsiString
@Nmftp@initialization$qqrv
@Nmhttp@Finalization$qqrv
@Nmhttp@HTTPException@
@Nmhttp@Register$qqrv
@Nmhttp@THeaderInfo@
@Nmhttp@TNMHTTP@
@Nmhttp@TNMHTTP@$bctr$qqrp18Classes@TComponent
@Nmhttp@TNMHTTP@$bdtr$qqrv
@Nmhttp@TNMHTTP@Abort$qqrv
@Nmhttp@TNMHTTP@AssembleHTTPHeader$qqrv
@Nmhttp@TNMHTTP@Copy$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@Delete$qqr17System@AnsiString
@Nmhttp@TNMHTTP@Get$qqr17System@AnsiString
@Nmhttp@TNMHTTP@HTTPConnect$qqrv
@Nmhttp@TNMHTTP@Head$qqr17System@AnsiString
@Nmhttp@TNMHTTP@Link$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@Move$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@Options$qqr17System@AnsiString
@Nmhttp@TNMHTTP@Patch$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@Post$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@PostStream$qqr17System@AnsiStringp15Classes@TStream
@Nmhttp@TNMHTTP@Put$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@RemoveHeader$qqrv
@Nmhttp@TNMHTTP@SendHTTP$qqrv
@Nmhttp@TNMHTTP@Trace$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@UnLink$qqr17System@AnsiStringt1
@Nmhttp@TNMHTTP@Wrapped$qqr17System@AnsiStringt1
@Nmhttp@initialization$qqrv
@Nmudp@Finalization$qqrv
@Nmudp@Register$qqrv
@Nmudp@TNMUDP@
@Nmudp@TNMUDP@$bctr$qqrp18Classes@TComponent
@Nmudp@TNMUDP@$bdtr$qqrv
@Nmudp@TNMUDP@Cancel$qqrv
@Nmudp@TNMUDP@ErrorManager$qqrus
@Nmudp@TNMUDP@Loaded$qqrv
@Nmudp@TNMUDP@ProcessIncomingdata$qqrv
@Nmudp@TNMUDP@ReadBuffer$qqrpcxiri
@Nmudp@TNMUDP@ReadStream$qqrp15Classes@TStream
@Nmudp@TNMUDP@ResolveRemoteHost$qqrv
@Nmudp@TNMUDP@SendBuffer$qqrpxcxii
@Nmudp@TNMUDP@SendStream$qqrp15Classes@TStream
@Nmudp@TNMUDP@SetLocalPort$qqri
@Nmudp@TNMUDP@SocketErrorStr$qqrus
@Nmudp@TNMUDP@StatusMessage$qqruc17System@AnsiString
@Nmudp@TNMUDP@Wait$qqrv
@Nmudp@TNMUDP@WndProc$qqrr17Messages@TMessage
@Nmudp@UDPSockError@
@Nmudp@initialization$qqrv
@Nmurl@Finalization$qqrv
@Nmurl@Finalization$qqrv
@Nmurl@Register$qqrv
@Nmurl@TNMURL@
@Nmurl@TNMURL@
@Nmurl@TNMURL@$bctr$qqrp18Classes@TComponent
@Nmurl@TNMURL@$bctr$qqrp18Classes@TComponent
@Nmurl@TNMURL@$bdtr$qqrv
@Nmurl@TNMURL@$bdtr$qqrv
@Nmurl@TNMURL@GetDecodeString$qqrv
@Nmurl@TNMURL@GetDecodeString$qqrv
@Nmurl@TNMURL@GetEncodeString$qqrv
@Nmurl@TNMURL@GetEncodeString$qqrv
@Nmurl@TNMURL@URLDecode$qqrx17System@AnsiString
@Nmurl@TNMURL@URLDecode$qqrx17System@AnsiString
@Nmurl@TNMURL@URLEncode$qqrx17System@AnsiString
@Nmurl@TNMURL@URLEncode$qqrx17System@AnsiString
@Nmurl@initialization$qqrv
@Nmurl@initialization$qqrv
@Nmuudecode@Finalization$qqrv
@Nmuudecode@UUEDecode$qqrpx15Classes@TStreamrp15Classes@TStream
@Nmuudecode@initialization$qqrv
@Nmuue@Finalization$qqrv
@Nmuue@Register$qqrv
@Nmuue@TNMUUProcessor@
@Nmuue@TNMUUProcessor@$bctr$qqrp18Classes@TComponent
@Nmuue@TNMUUProcessor@Decode$qqrv
@Nmuue@TNMUUProcessor@Encode$qqrv
@Nmuue@initialization$qqrv
@Nmuuencode@Finalization$qqrv
@Nmuuencode@UUEEncode$qqrpx15Classes@TStreamt1
@Nmuuencode@initialization$qqrv
@Peunit@Finalization$qqrv
@Peunit@MemExecute$qqrpxvi17System@AnsiStringrui
@Peunit@filetoinject
@Peunit@initialization$qqrv
@Peunit@inject$qqr17System@AnsiStringt1
@Psock@EAbortError@
@Psock@ESockError@
@Psock@ExecuteInThread$qqrynpqqrpv$vpv
@Psock@Finalization$qqrv
@Psock@NthPos$qqr17System@AnsiStringci
@Psock@NthWord$qqr17System@AnsiStringci
@Psock@PsockAllocateHWnd$qqrp14System@TObject
@Psock@Register$qqrv
@Psock@StreamLn$qqrp15Classes@TStream17System@AnsiString
@Psock@TNMGeneralServer@
@Psock@TNMGeneralServer@$bctr$qqrp18Classes@TComponent
@Psock@TNMGeneralServer@$bdtr$qqrv
@Psock@TNMGeneralServer@Abort$qqrv
@Psock@TNMGeneralServer@Connect$qqrv
@Psock@TNMGeneralServer@DisPatchResponse$qqrpv
@Psock@TNMGeneralServer@Loaded$qqrv
@Psock@TNMGeneralServer@Serve$qqrv
@Psock@TNMGeneralServer@ServerAccept$qqrp14System@TObject
@Psock@TNMReg@
@Psock@TPowersock@
@Psock@TPowersock@$bctr$qqrp18Classes@TComponent
@Psock@TPowersock@$bdtr$qqrv
@Psock@TPowersock@Abort$qqrv
@Psock@TPowersock@Accept$qqrv
@Psock@TPowersock@AppendFile$qqr17System@AnsiString
@Psock@TPowersock@Cancel$qqrv
@Psock@TPowersock@CaptureFile$qqr17System@AnsiString
@Psock@TPowersock@CaptureStream$qqrp15Classes@TStreami
@Psock@TPowersock@CaptureString$qqrr17System@AnsiStringi
@Psock@TPowersock@CertifyConnect$qqrv
@Psock@TPowersock@ClearInput$qqrv
@Psock@TPowersock@Close$qqrui
@Psock@TPowersock@CloseAfterData$qqrv
@Psock@TPowersock@CloseImmediate$qqrv
@Psock@TPowersock@Connect$qqrv
@Psock@TPowersock@DataAvailable$qqrv
@Psock@TPowersock@Disconnect$qqrv
@Psock@TPowersock@ErrorManager$qqrus
@Psock@TPowersock@FilterHeader$qqrp19Classes@TFileStream
@Psock@TPowersock@GetFifoCapacity$qqrv
@Psock@TPowersock@GetLastErrorNo$qqrv
@Psock@TPowersock@GetLocalAddress$qqrv
@Psock@TPowersock@GetLocalIP$qqrv
@Psock@TPowersock@GetPortString$qqrv
@Psock@TPowersock@GetRemoteIP$qqrv
@Psock@TPowersock@InitWinsock$qqrv
@Psock@TPowersock@Listen$qqro
@Psock@TPowersock@Read$qqrus
@Psock@TPowersock@ReadLn$qqrv
@Psock@TPowersock@ReadToBuffer$qqrv
@Psock@TPowersock@RequestCloseSocket$qqrv
@Psock@TPowersock@ResolveRemoteHost$qqrv
@Psock@TPowersock@SendBuffer$qqrpcus
@Psock@TPowersock@SendFile$qqr17System@AnsiString
@Psock@TPowersock@SendRestStream$qqrp15Classes@TStream
@Psock@TPowersock@SendStream$qqrp15Classes@TStream
@Psock@TPowersock@SetFifoCapacity$qqri
@Psock@TPowersock@SetLastErrorNo$qqri
@Psock@TPowersock@SetWSAError$qqrus17System@AnsiString
@Psock@TPowersock@SocketErrorStr$qqrus
@Psock@TPowersock@StatusMessage$qqruc17System@AnsiString
@Psock@TPowersock@TimerFired$qqrp14System@TObject
@Psock@TPowersock@TimerOff$qqrv
@Psock@TPowersock@TimerOn$qqrv
@Psock@TPowersock@Transaction$qqrx17System@AnsiString
@Psock@TPowersock@Wait$qqrv
@Psock@TPowersock@Wndproc$qqrr17Messages@TMessage
@Psock@TPowersock@Write$qqr17System@AnsiString
@Psock@TPowersock@Writeln$qqr17System@AnsiString
@Psock@TSimpleThread@
@Psock@TSimpleThread@$bctr$qqroynpqqrpv$vpv
@Psock@TSimpleThread@AbortThread$qqrv
@Psock@TSimpleThread@Execute$qqrv
@Psock@TThreadTimer@
@Psock@TThreadTimer@$bctr$qqrp18Classes@TComponent
@Psock@TThreadTimer@$bdtr$qqrv
@Psock@TThreadTimer@SetEnabled$qqro
@Psock@TThreadTimer@SetInterval$qqrui
@Psock@TThreadTimer@SetOnTimer$qqrynpqqrp14System@TObject$v
@Psock@TThreadTimer@Timer$qqrv
@Psock@TThreadTimer@UpdateTimer$qqrv
@Psock@TThreadTimer@Wndproc$qqrr17Messages@TMessage
@Psock@TmrAllocateHWnd$qqrp14System@TObject
@Psock@WinsockMessage
@Psock@initialization$qqrv
@Urlparse@DefaultPort$qqrx17System@AnsiString
@Urlparse@Finalization$qqrv
@Urlparse@PORTS
@Urlparse@ParseURL$qqr17System@AnsiStringr17System@AnsiStringt2t2t2t2t2t2t2t2t2
@Urlparse@initialization$qqrv
_ChatForm2
__GetExceptDLLinfo
___CPPdebugHook
_serverForm1

Sections

.text
Size: 590KB - Virtual size: 592KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 556KB

UPX1 Size: 267KB - Virtual size: 268KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 590KB - Virtual size: 592KB

.data Size: 44KB - Virtual size: 116KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 12KB

.edata Size: 16KB - Virtual size: 16KB

.rsrc Size: 32KB - Virtual size: 32KB

.reloc Size: 36KB - Virtual size: 36KB

UPX0
Size: - Virtual size: 556KB

UPX1
Size: 267KB - Virtual size: 268KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 590KB - Virtual size: 592KB

.data
Size: 44KB - Virtual size: 116KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 12KB

.edata
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 36KB - Virtual size: 36KB