43319522bbb961db7af48b11df828699_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

43319522bbb961db7af48b11df828699_JaffaCakes118
Size

997KB
MD5

43319522bbb961db7af48b11df828699
SHA1

d4f13f03b1edac801f4d2d5ae235fb813bdae1a4
SHA256

9bf91c149b7e7ac28c35629b2bcbbcaf6cb9987605128985ed38e0248a19a782
SHA512

e576fdbb5df1f1806d19bcad1233aa417cbf5078188fcce3274487be610e3475c05ebd30870b45d307f94ee953cf76a3c3edf27c28ff477d83d8986ea64c4aab
SSDEEP

24576:K1ZPP/7QlzBazeZb407Fizn+0wv3BeHeos:MZPP/7QH8eZbnsba3Be+os

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/baoqdfghhgcx_piaodown/子涛爆枪英雄3辅助v1.0感谢，jz5u下载站.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/baoqdfghhgcx_piaodown/子涛爆枪英雄3辅助v1.0感谢，jz5u下载站.exe
unpack002/out.upx

Files

43319522bbb961db7af48b11df828699_JaffaCakes118
.rar
baoqdfghhgcx_piaodown/子涛爆枪英雄3辅助v1.0感谢，jz5u下载站.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1017KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 588KB - Virtual size: 586KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
baoqdfghhgcx_piaodown/更多软件下载.url
baoqdfghhgcx_piaodown/飘荡软件.url
.url