88fa5eb73aa2d042c0d88600af3b7a05_JaffaCakes118

General

Target

88fa5eb73aa2d042c0d88600af3b7a05_JaffaCakes118
Size

362KB
MD5

88fa5eb73aa2d042c0d88600af3b7a05
SHA1

c09633fd587629e269e2ec7c086ee5ee7216fb3b
SHA256

36455f73323b425d025b63621e3c8ae612d72d7f8a8408659977ee7e7e6d5ed7
SHA512

06aa2a632fcfb14caec5f8a63e0a7b49ff13003e23367096b99a49872888a8c3321d1d3c07899cde983cc313681c54c4e6d3c1bf5470b003a07c650909cc9fce
SSDEEP

6144:X/BKkx4s0romylwdDyaTSUz0S2p2prDmRdjgp05oOSmd6dbEMuwe2Vo/+f04YpOb:JK+4s0rvvTZh2pemRd865oRmEhne2VYG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/CRPTEDSERVER.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack002/CRPTEDSERVER.exe
unpack003/out.upx

Files

88fa5eb73aa2d042c0d88600af3b7a05_JaffaCakes118
.ace
out.ace
.ace
CRPTEDSERVER.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 352KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 362KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 229KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 352KB

UPX1 Size: 362KB - Virtual size: 364KB

.rsrc Size: 12KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 352KB - Virtual size: 352KB

DATA Size: 61KB - Virtual size: 61KB

BSS Size: - Virtual size: 2KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 229KB - Virtual size: 229KB

UPX0
Size: - Virtual size: 352KB

UPX1
Size: 362KB - Virtual size: 364KB

.rsrc
Size: 12KB - Virtual size: 12KB

CODE
Size: 352KB - Virtual size: 352KB

DATA
Size: 61KB - Virtual size: 61KB

BSS
Size: - Virtual size: 2KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 229KB - Virtual size: 229KB