7c52d30cccb46857cb2ae5138f6b84c2_JaffaCakes118

Sharing

Target

7c52d30cccb46857cb2ae5138f6b84c2_JaffaCakes118
Size

20KB
MD5

7c52d30cccb46857cb2ae5138f6b84c2
SHA1

4c9b1a888318947accf6d1dd96a51891dc1ba097
SHA256

4c4602c0edbc4c11840fe4feda0989cb27a54d4cdf38db0b4afc18c26c4bdd2f
SHA512

47780288ba49dd514cdfa6f481eec6186f0c56ece301ac319541acb67c9295417ec1ba60e9e3699519b3c8387901ecda1534ea1f4fa5f8c3e2658714e69ae82a
SSDEEP

384:CTRcV21n0jkPG5D1ROtjIO9SINuIf9TmBQarSilmRN645z6KddymSiNWKdBn:IRe2adbOjnvNHf0GklmR40z6Kd/DBdx

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/PrepLogic.Microsoft.70-216.Practice.Exams.v3.1.DateCode.20050815-RBS/patch_preplogic_v3.1.x.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PrepLogic.Microsoft.70-216.Practice.Exams.v3.1.DateCode.20050815-RBS/patch_preplogic_v3.1.x.exe

7c52d30cccb46857cb2ae5138f6b84c2_JaffaCakes118
.zip
PrepLogic.Microsoft.70-216.Practice.Exams.v3.1.DateCode.20050815-RBS/file_id.diz
PrepLogic.Microsoft.70-216.Practice.Exams.v3.1.DateCode.20050815-RBS/patch_preplogic_v3.1.x.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PrepLogic.Microsoft.70-216.Practice.Exams.v3.1.DateCode.20050815-RBS/rebels.nfo
keygen.nfo