bd05e1a7ec7e1707fa33266cc7099af1_JaffaCakes118 | Triage

Sharing

General

Target

bd05e1a7ec7e1707fa33266cc7099af1_JaffaCakes118
Size

598KB
MD5

bd05e1a7ec7e1707fa33266cc7099af1
SHA1

6200785ac7015433024a3772b620ab05f9727fd2
SHA256

735906cfd7a350a11dac47478b1be1d7a3bdd04a2b0d73ba609ca22ac2af1c6d
SHA512

3c7e597bd90849c8418b8398f9d2dee04fd5247ca7e1b488e1b5ae76beecd4e7126515df295a7b49425001e0f58ee626059e06544da338313d1f9541eb669f25
SSDEEP

12288:CrxfcqXti4NV+eizHBkWMGQTMdPFu0GyIh4JPWheJ3hnSoPotbJSoT7jOo:wxfcqXtPNYQYdNu0MOFn3hSoPotbJdTZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/PHILka.RU_Perfect Keylogger 1.68/i_bpk2007.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/PHILka.RU_Perfect Keylogger 1.68/i_bpk2007.exe
unpack002/out.upx

Files

bd05e1a7ec7e1707fa33266cc7099af1_JaffaCakes118
.rar
PHILka.RU_Perfect Keylogger 1.68/PHILka.RU.jpg
.jpg
PHILka.RU_Perfect Keylogger 1.68/PHILka.RU.url
PHILka.RU_Perfect Keylogger 1.68/Readme!.txt
PHILka.RU_Perfect Keylogger 1.68/i_bpk2007.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ