b084732e177eb71932f6e0f8db23a4ba_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b084732e177eb71932f6e0f8db23a4ba_JaffaCakes118
Size

37KB
MD5

b084732e177eb71932f6e0f8db23a4ba
SHA1

94f91060fcbc12efd5a585b83d851a7803373b2f
SHA256

9101767f91288c1d6cbd6fe3eb876a4728451e715de6e150b02eb9c5b44ca0ef
SHA512

6d91ad248b2201cadc321c1b20f36ffb3ecfb491836622b6e61d7bbb136aee3470701b192be208871b2c8411cd19140a61751314268d5a9622e0abc950c77740
SSDEEP

768:x+xXhu17a1GRG57G5Ft6ELimBQAtWggLBH8I8DIWRXjW0/eaUoS:gxu17sGw59ELimCAtrgVXSIW1v/e7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Iolo.System.Mechanic.Professional.v6.0p.Keygen.Only-HERETiC/htc_ism6.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Iolo.System.Mechanic.Professional.v6.0p.Keygen.Only-HERETiC/htc_ism6.exe
unpack002/out.upx

Files

b084732e177eb71932f6e0f8db23a4ba_JaffaCakes118
.zip
Iolo.System.Mechanic.Professional.v6.0p.Keygen.Only-HERETiC/file_id.diz
Iolo.System.Mechanic.Professional.v6.0p.Keygen.Only-HERETiC/heretic.nfo
Iolo.System.Mechanic.Professional.v6.0p.Keygen.Only-HERETiC/htc_ism6.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 204KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ