b08d13948d8c63484756bd32c7cc2ca1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b08d13948d8c63484756bd32c7cc2ca1_JaffaCakes118
Size

2.8MB
MD5

b08d13948d8c63484756bd32c7cc2ca1
SHA1

033c7a62a7b476eb98f7d270709753ec82483139
SHA256

b5fc4cbe3e8948434f485868fbacd2823f5cd2205c7607d1809dad9ac3eb658e
SHA512

221bf5404fa3a2621dca9688c6ea9b2e87430562d5fe7f2a4685e7ae6f6ac7cb35fa094bc2fd0e758fd35ba187b64a23f41ae38b55061d1f627e403ece634f53
SSDEEP

49152:Pk/TUdqT5swVu0HB90ruMVzTC5SXVNcCQ3VCQIyyKlxrgE/EhlM:Pk/Wq+wVuK90iy/B/c2yVrv/ErM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Watcher/_r1.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Watcher/360Watch.exe
unpack001/Watcher/_r1.exe
unpack002/out.upx

Files

b08d13948d8c63484756bd32c7cc2ca1_JaffaCakes118
.rar
Watcher/360Watch.exe
.exe .js windows:4 windows x86 arch:x86 polyglot

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 437KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Watcher/_r1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

@@Compfunction@Finalize
@@Compfunction@Initialize
@@Compparse@Finalize
@@Compparse@Initialize
@@Glspriteengine@Finalize
@@Glspriteengine@Initialize
@@Gltextgrid@Finalize
@@Gltextgrid@Initialize
@@Glwindow@Finalize
@@Glwindow@Initialize
@@Haserrorstate@Finalize
@@Haserrorstate@Initialize
@@Loadimage@Finalize
@@Loadimage@Initialize
@@Misc@Finalize
@@Misc@Initialize
@@Plugindll@Finalize
@@Plugindll@Initialize
@@Streaming@Finalize
@@Streaming@Initialize
@@Tomcomp@Finalize
@@Tomcomp@Initialize
@@Tomcompilerbasiclib@Finalize
@@Tomcompilerbasiclib@Initialize
@@Tomfileiobasiclib@Finalize
@@Tomfileiobasiclib@Initialize
@@Tomjoystickbasiclib@Finalize
@@Tomjoystickbasiclib@Initialize
@@Tomnetbasiclib@Finalize
@@Tomnetbasiclib@Initialize
@@Tomopenglbasiclib@Finalize
@@Tomopenglbasiclib@Initialize
@@Tomsoundbasiclib@Finalize
@@Tomsoundbasiclib@Initialize
@@Tomstdbasiclib@Finalize
@@Tomstdbasiclib@Initialize
@@Tomtextbasiclib@Finalize
@@Tomtextbasiclib@Initialize
@@Tomtrigbasiclib@Finalize
@@Tomtrigbasiclib@Initialize
@@Tomvm@Finalize
@@Tomvm@Initialize
@@Tomvmdlladapter@Finalize
@@Tomvmdlladapter@Initialize
@@Tomwindowsbasiclib@Finalize
@@Tomwindowsbasiclib@Initialize
@@Vmcode@Finalize
@@Vmcode@Initialize
@@Vmdata@Finalize
@@Vmdata@Initialize
@@Vmfunction@Finalize
@@Vmfunction@Initialize
@@Vmtypes@Finalize
@@Vmtypes@Initialize
@@Vmvariables@Finalize
@@Vmvariables@Initialize
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 358KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Watcher/readme.txt
Watcher/tmp.jpg
.jpg
Watcher/小树林.JPG
.jpg
Watcher/小桥流水.jpg
.jpg
Watcher/岸边.jpg
.jpg
Watcher/异国小镇.jpg
.jpg
Watcher/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 437KB - Virtual size: 437KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 9KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 27KB - Virtual size: 26KB

.rsrc Size: 189KB - Virtual size: 189KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.8MB

UPX1 Size: 612KB - Virtual size: 616KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.data Size: 358KB - Virtual size: 428KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 10KB - Virtual size: 12KB

.edata Size: 2KB - Virtual size: 4KB

.rsrc Size: 59KB - Virtual size: 59KB

.reloc Size: 65KB - Virtual size: 68KB

CODE
Size: 437KB - Virtual size: 437KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 9KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 27KB - Virtual size: 26KB

.rsrc
Size: 189KB - Virtual size: 189KB

UPX0
Size: - Virtual size: 1.8MB

UPX1
Size: 612KB - Virtual size: 616KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 358KB - Virtual size: 428KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 10KB - Virtual size: 12KB

.edata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 59KB - Virtual size: 59KB

.reloc
Size: 65KB - Virtual size: 68KB