205d536d7b6ca8d4255afd84517204e7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

205d536d7b6ca8d4255afd84517204e7_JaffaCakes118
Size

325KB
MD5

205d536d7b6ca8d4255afd84517204e7
SHA1

acb15537e09d4e72830e42bef0eaa1fa3cd95ed0
SHA256

cfa6e2afb82c5380965af60bb1898fa661220e685a71047d4a541cc77d32dae5
SHA512

496772801edf0a4d53ecaf27d0e453173a55b979e8fdcc4412b93d75f45ad00cdf3b45eb201ecce9c2deffd32b577dec38e5d0ed024e562c9d7c4e07f362b556
SSDEEP

6144:JF2KaoFO9X/VGTWE3xqpiowePrKufaX7x9BsnN45iMaQ4tQeL7:J8Kao6ITWOMUowoKufElK45izL7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/游侠QQ空间人气王 v1.0（无需挂机）/游侠QQ空间人气王v1.0（无需挂机）.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/游侠QQ空间人气王 v1.0（无需挂机）/游侠QQ空间人气王v1.0（无需挂机）.exe
unpack002/out.upx

Files

205d536d7b6ca8d4255afd84517204e7_JaffaCakes118
.rar
游侠QQ空间人气王 v1.0（无需挂机）/游侠QQ空间人气王v1.0（无需挂机）.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 636KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 274KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 536KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
游侠QQ空间人气王 v1.0（无需挂机）/绿软基地.url
.url
游侠QQ空间人气王 v1.0（无需挂机）/软件界面.jpg
.jpg