62d9f458cdc8de1b066d49e9369c6ffb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

62d9f458cdc8de1b066d49e9369c6ffb_JaffaCakes118
Size

168KB
MD5

62d9f458cdc8de1b066d49e9369c6ffb
SHA1

e0c1a089fd221c7408770c9b267f9f897688b3de
SHA256

f7f46839cdfdeb0c6cbecb38a4ac27b8981d2621d753b8ab4a7f7e230ac1525b
SHA512

67ca7a19df4d9a2ceb48d88f8518537ddb444113ea1b9e01d460b47cd12c5529922b0fbf2302fef2f3ac3a71e5b5dcc7e731da92e5fad20abdf8a2b7171748d3
SSDEEP

3072:gJendxM1VxSJaieJ7A4fDd/d+vi9Z9TTrazINUYs7hcwJgCMyoVpx:KBxSmJ7A2hdF9XTraOUYsFzgCMyC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/EXE2VBS.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/EXE2VBS.exe
unpack001/Local_TRKShell.exe

Files

62d9f458cdc8de1b066d49e9369c6ffb_JaffaCakes118
.zip
EXE2VBS.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 165KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
EXE2VBS_EN.txt
EXE2VBS_ES.txt
Local_TRKShell.exe
.exe windows:4 windows x86 arch:x86

4a8fcf7817faa4500c185af8906e126f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

TranslateMessage
RegisterClassExA
DefWindowProcA
LoadIconA
LoadCursorA
GetMessageA
DispatchMessageA
CreateWindowExA

kernel32

GetStartupInfoA
ReadFile
CreateProcessA
CreateThread
lstrlenA
lstrcmpA
WriteFile
GetCommandLineA
CloseHandle
CreatePipe
RtlZeroMemory
ExitProcess
GetModuleHandleA

wsock32

htons
WSAStartup
accept
bind
closesocket
WSAAsyncSelect
listen
recv
send
socket

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 830B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 296KB

UPX1 Size: 165KB - Virtual size: 168KB

.rsrc Size: 6KB - Virtual size: 8KB

4a8fcf7817faa4500c185af8906e126f

Headers

File Characteristics

Imports

user32

kernel32

wsock32

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 830B

.data Size: 512B - Virtual size: 1KB

UPX0
Size: - Virtual size: 296KB

UPX1
Size: 165KB - Virtual size: 168KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 830B

.data
Size: 512B - Virtual size: 1KB