3edae524f93a820cbc103ad5dd3347be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3edae524f93a820cbc103ad5dd3347be_JaffaCakes118
Size

74.6MB
MD5

3edae524f93a820cbc103ad5dd3347be
SHA1

72560b0dd05048ed4df16f746849504672b8b1fd
SHA256

99a80c1c854082fa6aa01dd99fda4299336e1078862829aa615e11a492eba5c9
SHA512

378699a68e387f2e202e6a557f187113ca79298bb6d71735a00804ff99d2fbedefadcec2a60e9030453fbe6ca41851958d22f5b2fc29af50dd7bb10320ad909c
SSDEEP

1572864:EkAdKHGPHDRyzW3VjJUwS0um+7cM6mQeGBwryKx8ijC7W5ETZ0Hpwk3IW6DX:TAwHGPHDRyz4U8um+7xnvOYuKgfdW6DX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/SAGE Demo/Sonic Light & Darkness/Sonic - Light and Darkness.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/SAGE Demo/Sonic Light & Darkness/CleanMem.dll
unpack001/SAGE Demo/Sonic Light & Darkness/Sonic - Light and Darkness.exe
unpack002/out.upx
unpack001/SAGE Demo/Sonic Light & Darkness/supersound.dll

Files

3edae524f93a820cbc103ad5dd3347be_JaffaCakes118
.zip
SAGE Demo/Sonic Light & Darkness/CleanMem.dll
.dll windows:1 windows x86 arch:x86

aa93839bba0d4394b13248a8a733a107

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
OpenProcess
CloseHandle

psapi

EmptyWorkingSet
GetProcessMemoryInfo

Exports

Exports

halo_shg_clean
halo_shg_get_mem

Sections

.shg
Size: 512B - Virtual size: 477B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SAGE Demo/Sonic Light & Darkness/Music/Dsupersonic.ogg
SAGE Demo/Sonic Light & Darkness/Music/Speed Run Times/screenshot112.png
.png
SAGE Demo/Sonic Light & Darkness/Music/Speed Run Times/screenshot114.png
.png
SAGE Demo/Sonic Light & Darkness/Music/Speed Run Times/screenshot115.png
.png
SAGE Demo/Sonic Light & Darkness/Music/Speed Run Times/screenshot116.png
.png
SAGE Demo/Sonic Light & Darkness/Music/Speed Run Times/screenshot118.png
.png
SAGE Demo/Sonic Light & Darkness/Music/bonus_level.ogg
SAGE Demo/Sonic Light & Darkness/Music/chao.ogg
SAGE Demo/Sonic Light & Darkness/Music/crossspeed.ogg
SAGE Demo/Sonic Light & Darkness/Music/engine_test.ogg
SAGE Demo/Sonic Light & Darkness/Music/forest_drive.ogg
SAGE Demo/Sonic Light & Darkness/Music/foundry_zone.ogg
SAGE Demo/Sonic Light & Darkness/Music/invinicbl.ogg
SAGE Demo/Sonic Light & Darkness/Music/results_jingle.ogg
SAGE Demo/Sonic Light & Darkness/Music/sacred_area.ogg
SAGE Demo/Sonic Light & Darkness/Music/speedup.ogg
SAGE Demo/Sonic Light & Darkness/Music/supersonic.ogg
SAGE Demo/Sonic Light & Darkness/Music/volcanic_springs.ogg
SAGE Demo/Sonic Light & Darkness/Music/world_map.ogg
SAGE Demo/Sonic Light & Darkness/Sonic - Light and Darkness.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 648KB - Virtual size: 648KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 1.5MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 19B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SAGE Demo/Sonic Light & Darkness/supersound.dll
.dll windows:4 windows x86 arch:x86

8e08ff928753095624e7af6b97963b1b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
fread
fclose
ftell
fseek
memcpy
log10
fopen
strlen
_errno
realloc
malloc
free
calloc
floor
toupper
memmove
sprintf
perror
_CIatan
fprintf
_CIlog
ldexp
_CIpow
qsort
_CIexp
ceil
_CIsqrt
_CIcos
_CIsin
exit
frexp
_CIacos
memchr
__CxxFrameHandler

kernel32

HeapCreate
HeapDestroy
GetModuleHandleA
HeapAlloc
HeapFree
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
CreateFileA
GetFileSize
ReadFile
CloseHandle
CreateThread
HeapReAlloc

user32

BeginPaint
EndPaint
DefWindowProcA
LoadIconA
RegisterClassExA
CreateWindowExA

gdi32

GetStockObject

Exports

Exports

SS_FreeSound
SS_GetSoundBytesPerSecond
SS_GetSoundFreq
SS_GetSoundLength
SS_GetSoundPan
SS_GetSoundPosition
SS_GetSoundVol
SS_Init
SS_IsSoundLooping
SS_IsSoundPaused
SS_IsSoundPlaying
SS_LoadSound
SS_LoopSound
SS_PauseSound
SS_PlaySound
SS_ResumeSound
SS_SetSoundFreq
SS_SetSoundPan
SS_SetSoundPosition
SS_SetSoundVol
SS_StopSound
SS_Unload

Sections

.code
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa93839bba0d4394b13248a8a733a107

Headers

File Characteristics

Imports

kernel32

psapi

Exports

Exports

Sections

.shg Size: 512B - Virtual size: 477B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.8MB

UPX1 Size: 648KB - Virtual size: 648KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.itext Size: 18KB - Virtual size: 20KB

.data Size: 27KB - Virtual size: 28KB

.bss Size: - Virtual size: 1.5MB

.idata Size: 14KB - Virtual size: 16KB

.tls Size: - Virtual size: 4KB

.rdata Size: 19B - Virtual size: 96KB

.rsrc Size: 225KB - Virtual size: 225KB

8e08ff928753095624e7af6b97963b1b

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

Exports

Exports

Sections

.code Size: 4KB - Virtual size: 4KB

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 60KB - Virtual size: 60KB

.reloc Size: 2KB - Virtual size: 2KB

.shg
Size: 512B - Virtual size: 477B

UPX0
Size: - Virtual size: 2.8MB

UPX1
Size: 648KB - Virtual size: 648KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.itext
Size: 18KB - Virtual size: 20KB

.data
Size: 27KB - Virtual size: 28KB

.bss
Size: - Virtual size: 1.5MB

.idata
Size: 14KB - Virtual size: 16KB

.tls
Size: - Virtual size: 4KB

.rdata
Size: 19B - Virtual size: 96KB

.rsrc
Size: 225KB - Virtual size: 225KB

.code
Size: 4KB - Virtual size: 4KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 60KB - Virtual size: 60KB

.reloc
Size: 2KB - Virtual size: 2KB