acf7251226525c8b2786ae9e84846606_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acf7251226525c8b2786ae9e84846606_JaffaCakes118
Size

275KB
MD5

acf7251226525c8b2786ae9e84846606
SHA1

c6398728555cff310ba9fd9f9e2a73510a5ab9e2
SHA256

e7281b1b3cb899e7a90b965deca1a6b693c595eca261429e1a3bd2e9a8c90d24
SHA512

066b98e2d6fdea548ba45780e87f08ae1cde464627e200702163905df671b2c63f4b90740f88bb24a7686aa88018f3e1642207d533864beef99e5ba147bdb4e2
SSDEEP

6144:6DzLh0/PG5fKZjGoUY8PMDF1XAIVhhvget3YUhV+uhO9yUEixdMv:60PG5f1YEcXPh5+uKyUEicv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/MultiHack_v1.8.1_20122011/1.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MultiHack_v1.8.1_20122011/1.exe
unpack001/MultiHack_v1.8.1_20122011/Multihack_kamer.dll

Files

acf7251226525c8b2786ae9e84846606_JaffaCakes118
.rar
MultiHack_v1.8.1_20122011/1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 452KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
MultiHack_v1.8.1_20122011/1.ini
MultiHack_v1.8.1_20122011/1start.bat
MultiHack_v1.8.1_20122011/Multihack_kamer.dll
.dll windows:5 windows x86 arch:x86

2207e1bacd1ed41701fa4b56e34fb7ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Kamil\Desktop\ForKamerqqq\Release\Multihack_kamer.pdb

Imports

kernel32

DisableThreadLibraryCalls
CreateThread
FlushInstructionCache
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
SetLastError

msvcr90

__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxQueryExceptionSize
_cexit
??2@YAPAXI@Z
__FrameUnwindFilter
__CxxFrameHandler3
memcpy
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_except_handler4_common
__CxxExceptionFilter
_encoded_null
free
_malloc_crt
_encode_pointer
??3@YAXPAX@Z
_onexit

msvcm90

?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z

python22

PyTuple_SetItem
PyInt_AsLong
PyTuple_New
PyObject_Call
PyString_FromString
PyObject_GetAttrString
PyRun_SimpleString
PyTuple_GetItem
PyImport_ImportModule
PyInt_FromLong
PyString_AsString

mscoree

_CorDllMain

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 452KB

UPX1 Size: 169KB - Virtual size: 172KB

.rsrc Size: 92KB - Virtual size: 96KB

2207e1bacd1ed41701fa4b56e34fb7ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

msvcm90

python22

mscoree

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 198KB - Virtual size: 198KB

.data Size: 512B - Virtual size: 18KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 3KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 452KB

UPX1
Size: 169KB - Virtual size: 172KB

.rsrc
Size: 92KB - Virtual size: 96KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 198KB - Virtual size: 198KB

.data
Size: 512B - Virtual size: 18KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 3KB - Virtual size: 3KB