07effd75041ec90a0a67f73b26379aef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07effd75041ec90a0a67f73b26379aef_JaffaCakes118
Size

100KB
MD5

07effd75041ec90a0a67f73b26379aef
SHA1

5451873ee4835333253f2661b7f72fd42de6ec23
SHA256

d4508a5e187030c3a2e6f16fc8e349bbf2ac0b5d7564b074f620a33e1750d7f5
SHA512

ff5fea0b8ad84e8ee78d63e82ef9df36bd47c7f7aea213a67b7f06f34834824aa03d2dee60bf2f62a19f09726a1d4ea2e9e70b465fa635373cfde883fd963a50
SSDEEP

1536:Q4F3CORmB55V+UX0PYIHIdyURM4CJ8DEc5Z6vSg00eEUR+aQnrlBpmxD5nURz:BFSBDV+UX2mMUioDh5sjkTR+aKrVs5ny

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Flash.CS3-Serial.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Flash.CS3-Activate.exe
unpack001/Flash.CS3-Serial.exe
unpack002/out.upx

Files

07effd75041ec90a0a67f73b26379aef_JaffaCakes118
.zip
Flash.CS3-Activate.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@_virt_alloc
@_virt_commit
@_virt_decommit
@_virt_release
@_virt_reserve
_CLOCALE
_CMonetary
_CNumeric
_CTimeDate
__C0argc
__C0argv
__C0environ
__ErrorExit
__ErrorMessage
__ErrorMessageHelper
__ExcRegPtr
___CRTL_MEM_CheckBorMem
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_Revector
___DOSerror
___ErrorMessage
___IOerror
___NTerror
___allocated
___eof
___errno
___fputn
___isatty
___isatty_osfhandle
___locale
___lseek
___org__expand
___org__fgetc
___org__msize
___org__read
___org__rtl_read
___org__rtl_write
___org__write
___org_calloc
___org_fflush
___org_fgetc
___org_fputc
___org_fputs
___org_free
___org_malloc
___org_memchr
___org_memcpy
___org_memmove
___org_memset
___org_perror
___org_strlen
___pCallAtExitProcs
___read
___write
__allocbuf
__argc
__bormm_pfn_FreeMem
__bormm_pfn_GetMem
__bormm_pfn_HeapAddRef
__bormm_pfn_HeapRelease
__bormm_pfn_ReallocMem
__c_exit
__cexit
__cfinfo_get
__cleanup
__create_shmem
__dll_table
__dosErrorToSV
__doserrno
__dup_handle
__exe_table
__exit
__exit_streams
__exitbuf
__exitfopen
__exitopen
__expand
__fgetc
__firstHeap
__flushout
__freeStart
__free_handle
__free_heaps
__get_handle
__getmbcp
__handles
__heap_redirector
__initMBCSTable
__init_exit_proc
__init_handles
__init_streams
__internal_free
__internal_free_heaps
__internal_malloc
__internal_realloc
__isWindows
__kalpha
__kpunct
__lastHeap
__linktable
__lldiv
__llmod
__llmul
__llshl
__llshr
__lludiv
__llumod
__llushr
__mbcsCodePage
__mbctype
__mbsrchr
__messagefile
__messagefunc
__msize
__nfile
__nv_heap_size
__openfd
__oscmd
__osenv
__ostype
__phys_avail
__pidtab
__read
__rover
__rtl_read
__rtl_write
__setmbcp
__smalloc_threshold
__stkbase
__streams
__sys_errlist
__sys_nerr
__terminate
__virt_chunk_free
__virt_chunk_free2
__virt_chunk_size
__virt_chunk_size2
__virt_heap_size
__wC0argv
__wC0environ
__woscmd
__wosenv
__write
__xfflush
_absol
_add
_big_to_bytes
_bigbits
_brand
_bytes_to_big
_calloc
_cinnum
_cinstr
_compare
_convert
_copy
_cotnum
_cotstr
_decr
_denom
_divide
_divisible
_dlconv
_double_inverse
_ecp_memalloc
_ecp_memkill
_ecurve_add
_ecurve_double
_ecurve_double_add
_ecurve_init
_ecurve_mult
_ecurve_mult2
_ecurve_multi_add
_ecurve_multn
_ecurve_sub
_epoint_comp
_epoint_copy
_epoint_free
_epoint_get
_epoint_getxyz
_epoint_init
_epoint_init_mem
_epoint_init_mem_variable
_epoint_negate
_epoint_norm
_epoint_set
_epoint_x
_errno
_exit
_expb2
_exsign
_fflush
_fgetc
_fit
_fpack
_fputc
_fputs
_free
_get_mip
_getdig
_hamming
_igcd
_incr
_init_big_from_rom
_init_point_from_rom
_innum
_insign
_instr
_invers
_irand
_isqrt
_jac
_jack
_kill_monty
_lgconv
_logb2
_mad
_malloc
_memalloc
_memchr
_memcpy
_memkill
_memmove
_memset
_mirexit
_mirkill
_mirsys
_mirvar
_mirvar_mem
_mirvar_mem_variable
_mr_alloc
_mr_berror
_mr_first_alloc
_mr_free
_mr_lent
_mr_lzero
_mr_mip
_mr_naf_window
_mr_notint
_mr_padd
_mr_pmul
_mr_psub
_mr_sdiv
_mr_setbase
_mr_shift
_mr_shiftbits
_mr_testbit
_mr_track
_mr_window
_mr_window2
_muldiv
_muldvd
_muldvd2
_muldvm
_multi_inverse
_multiply
_negify
_normalise
_nres
_nres_dotprod
_nres_double_inverse
_nres_double_modadd
_nres_double_modsub
_nres_lazy
_nres_modadd
_nres_moddiv
_nres_modmult
_nres_modsub
_nres_multi_inverse
_nres_negate
_nres_powltr
_nres_powmod
_nres_powmod2
_nres_powmodn
_nres_premult
_nres_sqroot
_numdig
_numer
_otnum
_otstr
_perror
_point_at_infinity
_powltr
_powmod
_powmod2
_powmodn
_premult
_prepare_monty
_putdig
_recode
_redc
_remain
_set_io_buffer_size
_set_user_function
_sftbit
_sgcd
_size
_smul
_spmd
_sqrmp
_sqroot
_strlen
_subdiv
_subdivisible
_subtract
_uconvert
_xgcd
_zero

Sections

Size: - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Flash.CS3-Serial.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
instruction.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

Size: - Virtual size: 136KB

Size: 53KB - Virtual size: 56KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 48KB - Virtual size: 52KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 72KB - Virtual size: 69KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 24KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 48KB - Virtual size: 52KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 72KB - Virtual size: 69KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 24KB - Virtual size: 22KB