c79051f55a1e86b86f8c82770db36198_JaffaCakes118 | Triage

Sharing

General

Target

c79051f55a1e86b86f8c82770db36198_JaffaCakes118
Size

340KB
MD5

c79051f55a1e86b86f8c82770db36198
SHA1

4906ea6b0669e1d3087eea40a8e4c51c4a735de7
SHA256

e2c384a472ed10968dba5299d5e6f3589813013e90a443c1ec04a3a10c3c2007
SHA512

adc69e9f4620ed3fe078d772d0b05c91b2d32e9f7319c7bb2629d3debcf48ebfb4e4289b1ea3f0620deb39a629e447fccb56dc2ee960b8936a36b6622e01d0ac
SSDEEP

6144:w2XBOwXVlwkFzvHdwmxxyfMGJFnjYu8owfhIDMnTuIDAaEb5TI:wS/LP5cjuhhIoTOaK5TI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/Vikingkiller.scr	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Vikingkiller.scr
unpack002/out.upx

Files

c79051f55a1e86b86f8c82770db36198_JaffaCakes118
.rar
Vikingkiller.scr
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 340KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 672KB - Virtual size: 671KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 879KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
安装说明.url
.url