33f6ca845a1f6286f32f62ce17171ebc_JaffaCakes118 | Triage

Sharing

General

Target

33f6ca845a1f6286f32f62ce17171ebc_JaffaCakes118
Size

541KB
MD5

33f6ca845a1f6286f32f62ce17171ebc
SHA1

cea28c7115ef4fdc50c394a5c42d4716fa7e88ff
SHA256

131b480851d77b72c83e1a203de12b4067dafab3d7c19d8fc4f750d7a6c8c86f
SHA512

231be367571dc890ba6c9c988eed8d6afca238af725d43589018e15c38040f8c49bdd43c0a07aab70caa88b26cb1f6b996344395f37f179af9c627f65b54a7d6
SSDEEP

12288:/b9eCqJazJhaZgGJPdMEiRSTd/VP4fxfj:/bAfJwJ2JPqEiU9AfBj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe
unpack002/out.upx

Files

33f6ca845a1f6286f32f62ce17171ebc_JaffaCakes118
.rar
qqplsxsm/使用说明.txt
qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 406KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqplsxsm/软件截图.jpg
.jpg
qqplsxsm/郑重声明.txt
使用说明.url