1ab9f4868938782314e958aa75ce05f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1ab9f4868938782314e958aa75ce05f2_JaffaCakes118
Size

1.4MB
MD5

1ab9f4868938782314e958aa75ce05f2
SHA1

2944561232b35f8d52904192697a378a8831cf64
SHA256

32781a69c01233e3785080ff88883536c9e93df04be43a91df3528e031006c38
SHA512

ee3c2e2747fadfa679f6bae7d5ac4483345da0c3dd73a37757320b2bd698791527e8d1111e1604da8b9d0b06b0d5980ecedb8160be9746a0075ca570c28e0ae9
SSDEEP

24576:XEUq7peb+mflvVe6SvEN8zp8fAkvYTf+wc0iMD0zUMhlg1frUVg+CfjbC20Y5sYs:XEUq7pb6ZS0k8fBhP8D0Lr+frUVg5fvi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/IconRestorer/FSL.dat	upx
static1/unpack001/IconRestorer/IconRestorer.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IconRestorer/FSL.dat
unpack002/out.upx
unpack001/IconRestorer/IconRestorer.exe

Files

1ab9f4868938782314e958aa75ce05f2_JaffaCakes118
.rar
IconRestorer/FSL.dat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IconRestorer/IconRestorer.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 361KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IconRestorer/Languages/Czech.bmp
IconRestorer/Languages/Czech.lng
IconRestorer/Languages/Dansk.bmp
IconRestorer/Languages/Dansk.lng
IconRestorer/Languages/Deutsch.bmp
IconRestorer/Languages/Deutsch.lng
IconRestorer/Languages/English.lng
IconRestorer/Languages/Espa駉l.bmp
IconRestorer/Languages/Espa駉l.lng
IconRestorer/Languages/French.bmp
IconRestorer/Languages/French.lng
IconRestorer/Languages/Italiano.lng
IconRestorer/Languages/Japanese.bmp
IconRestorer/Languages/Japanese.lng
IconRestorer/Languages/Magyar.bmp
IconRestorer/Languages/Magyar.lng
IconRestorer/Languages/Nederlands.bmp
IconRestorer/Languages/Nederlands.lng
IconRestorer/Languages/Polish.bmp
IconRestorer/Languages/Polish.lng
IconRestorer/Languages/Portugu阺 (Brasil).bmp
IconRestorer/Languages/Portugu阺 (Brasil).lng
IconRestorer/Languages/Simplified Chinese.bmp
IconRestorer/Languages/Simplified Chinese.lng
IconRestorer/Languages/Slovensko.bmp
IconRestorer/Languages/Slovensko.lng
IconRestorer/Languages/Turkish.bmp
IconRestorer/Languages/Turkish.lng
IconRestorer/Languages/english.bmp
IconRestorer/Languages/italiano.bmp
IconRestorer/License.txt
IconRestorer/News.wri
.wri .rtf

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 7KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 11KB - Virtual size: 11KB

DATA Size: 512B - Virtual size: 160B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 956B

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1024B - Virtual size: 864B

.rsrc Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.6MB

UPX1 Size: 1.2MB - Virtual size: 1.2MB

.rsrc Size: 361KB - Virtual size: 364KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 7KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 160B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 956B

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1024B - Virtual size: 864B

.rsrc
Size: 512B - Virtual size: 512B

UPX0
Size: - Virtual size: 2.6MB

UPX1
Size: 1.2MB - Virtual size: 1.2MB

.rsrc
Size: 361KB - Virtual size: 364KB