5dd85e55c9e63f084380102f1475dd10_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dd85e55c9e63f084380102f1475dd10_JaffaCakes118
Size

866KB
MD5

5dd85e55c9e63f084380102f1475dd10
SHA1

bf7c950bae0d25358bccea242f383fb0853c53cb
SHA256

4e696d15bd72b90a510a393a19765e02ba7e106859bcd7efb098d6ed61eab85b
SHA512

06f141db9390531fce8f6e30a3f32b30c49ed62189e52dd4a9c411f0f497f00dce6110f3e8da1ead0b2095044d2eb6fb7701be2b0a033cf44581aa6af6ebb738
SSDEEP

24576:5Dp671bjcnQjjlVllxnf7IiEmYXapZ7VIlW63gZN4BxE:r671b3tznftE/8ZGlr3SN4Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/updateAppDemo/FTPServer/patch.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/updateAppDemo/FTPServer/patch.exe
unpack002/out.upx
unpack001/updateAppDemo/KSSZY-JS.exe
unpack001/updateAppDemo/MyFTP.exe
unpack001/updateAppDemo/UpdateMe.exe

Files

5dd85e55c9e63f084380102f1475dd10_JaffaCakes118
.rar
updateAppDemo/C-S架构软件自动升级Demo使用手册.doc
.doc windows office2003
updateAppDemo/FTPServer/patch.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updateAppDemo/FTPServer/update.ini
updateAppDemo/KSSZY-JS.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 593KB - Virtual size: 593KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 327KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updateAppDemo/MyFTP.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updateAppDemo/UpdateMe.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 325KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
updateAppDemo/system.ini
updateAppDemo/下载说明.htm
.html .js polyglot
下载说明.htm
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 64KB

UPX1 Size: 17KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 36KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 9KB - Virtual size: 12KB

Headers

File Characteristics

Sections

CODE Size: 593KB - Virtual size: 593KB

DATA Size: 7KB - Virtual size: 7KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 41B

.reloc Size: 43KB - Virtual size: 42KB

.rsrc Size: 327KB - Virtual size: 327KB

Headers

File Characteristics

Sections

CODE Size: 386KB - Virtual size: 386KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 41B

.reloc Size: 30KB - Virtual size: 29KB

.rsrc Size: 28KB - Virtual size: 28KB

Headers

File Characteristics

Sections

CODE Size: 325KB - Virtual size: 324KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 23KB - Virtual size: 23KB

.rsrc Size: 22KB - Virtual size: 22KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 17KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 8KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 36KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 12KB

CODE
Size: 593KB - Virtual size: 593KB

DATA
Size: 7KB - Virtual size: 7KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 41B

.reloc
Size: 43KB - Virtual size: 42KB

.rsrc
Size: 327KB - Virtual size: 327KB

CODE
Size: 386KB - Virtual size: 386KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 41B

.reloc
Size: 30KB - Virtual size: 29KB

.rsrc
Size: 28KB - Virtual size: 28KB

CODE
Size: 325KB - Virtual size: 324KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 22KB - Virtual size: 22KB