abc98db383514310f79558a50d810644_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

abc98db383514310f79558a50d810644_JaffaCakes118
Size

540KB
MD5

abc98db383514310f79558a50d810644
SHA1

de803ea1750d6d0701016a94da4192b83a83434a
SHA256

4e8eafb411b84b1b7b0ce44bf4934af11487ecb51a3f289ebd15a12f79270a9a
SHA512

4fa39bd865277e5294a5b3eaf0698d638a9c5d8a37e6252e41b7cb97f816587c5baf1732bfd0c8b1af57b0425d93c4fee90bb2776e10f326ca9149a93e425a5c
SSDEEP

12288:/5I6WysMYTFpoIlNUmD7dYCI6H9eg+1sfJJ9L0aypf8id6Sw1UVJ+vPE+I/C:RrEBm2R1HNegLDOPeidOksP5I/C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe
unpack002/out.upx

Files

abc98db383514310f79558a50d810644_JaffaCakes118
.rar
qqplsxsm/使用说明.txt
qqplsxsm/易编社区—QQ批量扫信晒密工具V1.0.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 712KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 406KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 548KB - Virtual size: 546KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
qqplsxsm/软件截图.jpg
.jpg
qqplsxsm/郑重声明.txt