75c80c4359c9075fa591dcd05f9da43b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

75c80c4359c9075fa591dcd05f9da43b_JaffaCakes118
Size

3.7MB
MD5

75c80c4359c9075fa591dcd05f9da43b
SHA1

bce48c3cda8acdb2e1fc838d8fdc033f7f6b1df5
SHA256

8e57811ac7d4893a88d3b7a6700cc4a7c326c68782a4c5a7d63d512e887e85af
SHA512

c021492f934f7098789adc79d295249bb03f21f1c87aa1d7ed3b26eb13b46751bba3b086bac4e173ca042165208f56ff0d9e7e775b6771b84f585fc75d84ad8d
SSDEEP

98304:oR8zDz7By12MlEebjrYTLX42o++L8Nn2rZIO:/v8OeUP5oNeO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AdWare SpyWare SE/AdWare SpyWare SE.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AdWare SpyWare SE/AdWare SpyWare SE.exe
unpack001/AdWare SpyWare SE/unins000.exe

Files

75c80c4359c9075fa591dcd05f9da43b_JaffaCakes118
.rar
AdWare SpyWare SE/AdWare SpyWare SE.chm
.chm
AdWare SpyWare SE/AdWare SpyWare SE.dat
AdWare SpyWare SE/AdWare SpyWare SE.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 899KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
AdWare SpyWare SE/AdWare SpyWare SE.ini
AdWare SpyWare SE/Francais.lng
AdWare SpyWare SE/Instructions/Registry.htm
.html
AdWare SpyWare SE/Language.lng
AdWare SpyWare SE/Update/Update.dat
AdWare SpyWare SE/unins000.dat
AdWare SpyWare SE/unins000.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 556KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
AdWare SpyWare SE/下载说明.htm
.html .js polyglot
AdWare SpyWare SE/安装说明.txt
AdWare SpyWare SE/非常世纪资源网.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.4MB

UPX1 Size: 899KB - Virtual size: 900KB

.rsrc Size: 30KB - Virtual size: 32KB

Headers

File Characteristics

Sections

CODE Size: 556KB - Virtual size: 556KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: - Virtual size: 4KB

.idata Size: 9KB - Virtual size: 9KB

.tls Size: - Virtual size: 8B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: - Virtual size: 31KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: - Virtual size: 2.4MB

UPX1
Size: 899KB - Virtual size: 900KB

.rsrc
Size: 30KB - Virtual size: 32KB

CODE
Size: 556KB - Virtual size: 556KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 9KB - Virtual size: 9KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 31KB

.rsrc
Size: 76KB - Virtual size: 76KB