2226e98c97b99049dddf13d2fbd49c22_JaffaCakes118

General

Target

2226e98c97b99049dddf13d2fbd49c22_JaffaCakes118
Size

757KB
MD5

2226e98c97b99049dddf13d2fbd49c22
SHA1

e058522183c75450d24b455af5dd53f5517920a7
SHA256

4f7ff5dc35429fe20f3e3254c2e2c5608bb79882e3b35ce87749932881ed9dfd
SHA512

17d41b7b9eddff4fcf7a6127cd30ac0136da7014f07b1b54d5785a0a056a913b747ab06535eee1da2b469d3bbcb6814beb96f82d7f7f1c4c09fe0d7bceb73fb8
SSDEEP

12288:2pO/mLzGwSDrpHwvNR86pq/LSvEHvncBgSDr10GoVnojXegYm5VgHYjCipuwPK7o:8O/mLzrurlIRL8/iEPcBgSDru5ojOa2O

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/lswxtpspq_20160907/微信投票刷票器+v1.0+绿色版.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lswxtpspq_20160907/微信投票刷票器+v1.0+绿色版.exe
unpack002/out.upx

Files

2226e98c97b99049dddf13d2fbd49c22_JaffaCakes118
.rar
lswxtpspq_20160907/9553下载.url
.url
lswxtpspq_20160907/微信投票刷票器+v1.0+绿色版.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 680KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 754KB - Virtual size: 756KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 872KB - Virtual size: 871KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 680KB

UPX1 Size: 754KB - Virtual size: 756KB

.rsrc Size: 25KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 872KB - Virtual size: 871KB

.rdata Size: 170KB - Virtual size: 169KB

.data Size: 280KB - Virtual size: 297KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 35KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 680KB

UPX1
Size: 754KB - Virtual size: 756KB

.rsrc
Size: 25KB - Virtual size: 28KB

.text
Size: 872KB - Virtual size: 871KB

.rdata
Size: 170KB - Virtual size: 169KB

.data
Size: 280KB - Virtual size: 297KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 35KB - Virtual size: 35KB