6025c2bfeaa6a2f9cafa8a804f21b2db_JaffaCakes118

General

Target

6025c2bfeaa6a2f9cafa8a804f21b2db_JaffaCakes118
Size

247KB
MD5

6025c2bfeaa6a2f9cafa8a804f21b2db
SHA1

113ca960e3c7d55d91badf1fc961a81166d66d3e
SHA256

c8b6b8c1e0a4c25bb78671cd95fe3ec09b3eba60fbe2b4a1e54c3bd26fb0b7a5
SHA512

4965309c747852a724d6629c191202769138fd4e5f068095a0baf9585603b0208cb276901aa09e5716a08199107c1e9f8acb7c2b856fbb3b51847516fbf227e8
SSDEEP

6144:uIvMQhKXPYAMt5L+Ad/xeuPgEbhBOjZ3FGVuQk:PMQq8N+Ad/P5O5r

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/USB_nodrivers_pack/USB_nodrivers_pack/修复补丁V3.0.EXE	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/USB_nodrivers_pack/USB_nodrivers_pack/修复补丁V2.0.exe
unpack001/USB_nodrivers_pack/USB_nodrivers_pack/修复补丁V3.0.EXE
unpack002/out.upx

Files

6025c2bfeaa6a2f9cafa8a804f21b2db_JaffaCakes118
.rar
USB_nodrivers_pack/USB_nodrivers_pack/修复补丁V2.0.exe
.exe windows:4 windows x86 arch:x86

ac0e65683d10a7786abc0e8f32bdc45b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxA

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyA

kernel32

GetStringTypeW
GetFileType
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
USB_nodrivers_pack/USB_nodrivers_pack/修复补丁V3.0.EXE
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 218KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 401KB - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac0e65683d10a7786abc0e8f32bdc45b

Headers

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 12KB - Virtual size: 10KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 368KB

UPX1 Size: 218KB - Virtual size: 220KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 401KB - Virtual size: 401KB

.rdata Size: 57KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 99KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 368KB

UPX1
Size: 218KB - Virtual size: 220KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 401KB - Virtual size: 401KB

.rdata
Size: 57KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 99KB

.rsrc
Size: 10KB - Virtual size: 10KB