82909fcb100734a430a912fee694253a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

82909fcb100734a430a912fee694253a_JaffaCakes118
Size

251KB
MD5

82909fcb100734a430a912fee694253a
SHA1

bbd8ac9fc29c4c8baf9aeee1d30e8ce10491a83c
SHA256

c8398b9f97ce1153a491ba45019c48ecf4385390aa2e7c443bafaeedaacd8c46
SHA512

f3fd50a9717ef707f6fc2e61fcdc5c48163d9b41d64c08e58bb67fedd9cabe2e63bff47157cbce910b16f22d7aa1b936d8ab431337b0774ed2ccf2907421d476
SSDEEP

6144:KXyYEe1S/b9EPfBFjGNYT4U8/f39a220mtrF5Q0ZAMdNPlz2mjq4:KCYCD9EBFjVKnN2dZ5XOMTQ4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/DShutdown/DShutdown.exe	upx
static1/unpack001/DShutdown/RDShutdown Setup Utility.exe	upx
static1/unpack001/DShutdown/RDShutdown.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DShutdown/DShutdown.exe
unpack001/DShutdown/RDShutdown Setup Utility.exe
unpack001/DShutdown/RDShutdown.exe

Files

82909fcb100734a430a912fee694253a_JaffaCakes118
.zip
DShutdown/DShutdown (ENG).txt
DShutdown/DShutdown (ITA).txt
DShutdown/DShutdown.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 416KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 146KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DShutdown/History (ITA).txt
DShutdown/License (ENG).txt
DShutdown/RDShutdown (ENG).txt
DShutdown/RDShutdown (ITA).txt
DShutdown/RDShutdown Setup Utility (ENG).txt
DShutdown/RDShutdown Setup Utility (ITA).txt
DShutdown/RDShutdown Setup Utility.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DShutdown/RDShutdown.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 72KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 416KB

UPX1 Size: 146KB - Virtual size: 148KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: 12KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 168KB

UPX1 Size: 72KB - Virtual size: 76KB

.rsrc Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 416KB

UPX1
Size: 146KB - Virtual size: 148KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 168KB

UPX1
Size: 72KB - Virtual size: 76KB

.rsrc
Size: 3KB - Virtual size: 4KB