2d3bab0ac728dd2fef8b1d8794af3afb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d3bab0ac728dd2fef8b1d8794af3afb_JaffaCakes118
Size

1.6MB
MD5

2d3bab0ac728dd2fef8b1d8794af3afb
SHA1

7fe364977b8fa79800a3571cff30a2162cb7feef
SHA256

37e742a8d67e4e6c74ad9358126f708d4fcc4468f4bc43d7aff13ae355a2902c
SHA512

f89814d18c27e8788ffa6bdec9c6e010140a19b1cf734a778a813c52c9b0a863120360bfa5cb0467c969c3b9b0d7a1e847861d70770f16fe3e6ecb796d2e3685
SSDEEP

49152:77OffOFkBjuH5CRRQn3oM4AZ/lkyEKrlKydN6:fOOFkBjsCD2VZEglKk6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CaryFirmware/AppPatch.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CaryFirmware/AppPatch.exe
unpack002/out.upx
unpack001/CaryFirmware/firmware(old108)/FwUpdate.exe
unpack001/CaryFirmware/firmware(old109)/FwUpdate.exe
unpack001/CaryFirmware/firmware/FwUpdate.exe
unpack001/CaryFirmware/utils/KillSysInfo.exe

Files

2d3bab0ac728dd2fef8b1d8794af3afb_JaffaCakes118
.zip
CaryFirmware/AppPatch.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 384KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 210KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CaryFirmware/AppPatch.htm
.html
CaryFirmware/AppPatch.ini
CaryFirmware/firmware(old108)/FwUpdate.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CaryFirmware/firmware(old108)/INST108.HEX
CaryFirmware/firmware(old108)/READ108.TXT
CaryFirmware/firmware(old109)/5.bmp
CaryFirmware/firmware(old109)/FwUpdate.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CaryFirmware/firmware(old109)/INST109.HEX
CaryFirmware/firmware(old109)/READ109.TXT
CaryFirmware/firmware(old109)/Thumbs.db
CaryFirmware/firmware/5.bmp
CaryFirmware/firmware/FwUpdate.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CaryFirmware/firmware/INST112.HEX
CaryFirmware/firmware/READ112.TXT
CaryFirmware/firmware/Thumbs.db
CaryFirmware/utils/KillSysInfo.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CaryFirmware/utils/readme.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 384KB

UPX1 Size: 210KB - Virtual size: 212KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

CODE Size: 464KB - Virtual size: 463KB

DATA Size: 10KB - Virtual size: 9KB

BSS Size: - Virtual size: 3KB

.idata Size: 10KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 32KB - Virtual size: 31KB

.rsrc Size: 50KB - Virtual size: 50KB

Headers

File Characteristics

Sections

CODE Size: 317KB - Virtual size: 316KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 71KB - Virtual size: 71KB

Headers

File Characteristics

Sections

CODE Size: 317KB - Virtual size: 317KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 512B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 74KB - Virtual size: 74KB

Headers

File Characteristics

Sections

CODE Size: 317KB - Virtual size: 317KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 512B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 74KB - Virtual size: 74KB

Headers

File Characteristics

Sections

CODE Size: 216KB - Virtual size: 216KB

DATA Size: 3KB - Virtual size: 3KB

BSS Size: - Virtual size: 6KB

.idata Size: 8KB - Virtual size: 7KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 14KB - Virtual size: 13KB

.rsrc Size: 59KB - Virtual size: 59KB

UPX0
Size: - Virtual size: 384KB

UPX1
Size: 210KB - Virtual size: 212KB

.rsrc
Size: 6KB - Virtual size: 8KB

CODE
Size: 464KB - Virtual size: 463KB

DATA
Size: 10KB - Virtual size: 9KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 10KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 50KB - Virtual size: 50KB

CODE
Size: 317KB - Virtual size: 316KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 71KB - Virtual size: 71KB

CODE
Size: 317KB - Virtual size: 317KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 512B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 74KB - Virtual size: 74KB

CODE
Size: 317KB - Virtual size: 317KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 512B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 74KB - Virtual size: 74KB

CODE
Size: 216KB - Virtual size: 216KB

DATA
Size: 3KB - Virtual size: 3KB

BSS
Size: - Virtual size: 6KB

.idata
Size: 8KB - Virtual size: 7KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 59KB - Virtual size: 59KB