5be83aeb811cd18eed41501d31e8395c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5be83aeb811cd18eed41501d31e8395c_JaffaCakes118
Size

1.0MB
MD5

5be83aeb811cd18eed41501d31e8395c
SHA1

94f08892826a5ea7980b0a756b76a42ee362dad9
SHA256

d90590479a3b5ac690d0948f5dbd62c0a104365b09d99d6b513a9d1f3c65e7f5
SHA512

0774823cc177f0951636a8304d3ac660174043ceba9a64b844c1bcacebdebf03437309645ad33344cef5530523adfdda92f54001beedfc47f065eb1599d4d1ff
SSDEEP

24576:0kJHNxZL0NMy548tXy8v7WbOpeTTTqsEX9yLkxRBd4qr/tM4T/pOK5NpXArqT:WN9By8v7WqpeTTTqsEgk/tM4T/pOKNw2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/undying_nocd/UndyingNOcdpatch.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/undying_10_nocd/Undying.exe
unpack001/undying_nocd/UndyingNOcdpatch.exe

Files

5be83aeb811cd18eed41501d31e8395c_JaffaCakes118
.rar
undying_10_nocd/Undying.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

GPackage

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 6.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

stxt774
Size: 4KB - Virtual size: 508B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

stxt371
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
undying_10_nocd/howtoapply.txt
undying_nocd/UndyingNOcdpatch.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX3
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
undying_nocd/how2go.txt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 6.4MB

.rsrc Size: 4KB - Virtual size: 2KB

stxt774 Size: 4KB - Virtual size: 508B

stxt371 Size: 14KB - Virtual size: 13KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 52KB

UPX1 Size: 3KB - Virtual size: 4KB

UPX2 Size: 4KB - Virtual size: 4KB

UPX3 Size: 9KB - Virtual size: 12KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 6.4MB

.rsrc
Size: 4KB - Virtual size: 2KB

stxt774
Size: 4KB - Virtual size: 508B

stxt371
Size: 14KB - Virtual size: 13KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 3KB - Virtual size: 4KB

UPX2
Size: 4KB - Virtual size: 4KB

UPX3
Size: 9KB - Virtual size: 12KB