d4604d9a903032626740285b52df8730_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4604d9a903032626740285b52df8730_JaffaCakes118
Size

4.3MB
MD5

d4604d9a903032626740285b52df8730
SHA1

cf016146638c9433468c29eb9cd0f7ef3a2105d9
SHA256

5c876ab48c0c3966e0809fe203e182d94fdf16c3c4c139c4fc732c26bfd1bc7c
SHA512

4c24a9dffc6576382dd239a306d5a9acd7a43d48fc7100077521ed8cb41c4279892d1411f51afbe85f561625a7ad3ab64ee5afa2764a05ffb9289ec6913810ce
SSDEEP

98304:OvbojGFjkFys+stxVvboWy8dmOgUL5aLwILnofJ:s6G5kFys+oNy8dmRu4JMfJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CFdetector.exe	upx
static1/unpack001/IHateYouVirus.exe	upx
static1/unpack001/ZE5IGBSJIV.exe	upx
static1/unpack001/chicken.exe	upx
static1/unpack001/love.exe	upx
static1/unpack001/poop.exe	upx
static1/unpack001/small.exe	upx
static1/unpack001/svchost.exe	upx

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/4MDNTEH2PQ.exe
unpack001/4MDNTEH2PQ.exe.1
unpack001/CFdetector.exe
unpack001/IHateYouVirus.exe
unpack001/XK6EBGICFE.exe
unpack001/ZE5IGBSJIV.exe
unpack004/out.upx
unpack001/chicken.exe
unpack005/out.upx
unpack001/crypted1.exe
unpack001/gotcha.exe
unpack001/love.exe
unpack001/poop.exe
unpack007/out.upx
unpack001/small.exe
unpack001/svchost.exe

Files

d4604d9a903032626740285b52df8730_JaffaCakes118
.zip
4MDNTEH2PQ.exe
.exe windows:4 windows x86 arch:x86

6be4f1a61d1db4b6b18dc53103951226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord595
ord303
ord702
ord598
ord599
ord520
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4MDNTEH2PQ.exe.1
.exe windows:4 windows x86 arch:x86

6be4f1a61d1db4b6b18dc53103951226

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord595
ord303
ord702
ord598
ord599
ord520
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CFdetector.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 549KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IHateYouVirus.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.4MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
XK6EBGICFE.exe
.exe windows:4 windows x86 arch:x86

58fb7fafd0cf99568cf6a5a9bf62c650

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord516
ord518
ord626
ord519
ord660
ord553
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord595
ord303
ord702
ord598
ord599
ord520
ord521
ord309
ord709
ord631
ord525
ord632
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord531
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ZE5IGBSJIV.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chicken.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 412KB - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
crypted1.exe
.exe windows:4 windows x86 arch:x86

c9179e372a541182c6bc87250c48888f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaGosubReturn
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
ord697
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
_adj_fdiv_m32
ord667
__vbaAryDestruct
__vbaStrBool
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaCyStr
_CIsin
__vbaErase
ord525
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
__vbaGosubFree
EVENT_SINK_AddRef
ord529
__vbaStrCmp
__vbaGet3
__vbaVarTstEq
__vbaCyI4
__vbaObjVar
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
__vbaNew
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaGosub
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
_CIlog
__vbaFileOpen
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaFpCy
__vbaLateMemCall
__vbaAryLock
__vbaVarCopy
__vbaFpI4
__vbaLateMemCallLd
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaStrCy
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
gotcha.exe
.exe windows:4 windows x86 arch:x86

71c67bccea8e3b2670f54d21be78fa58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord690
ord694
ord696
MethCallEngine
EVENT_SINK_Invoke
ord621
ord516
ord518
ord626
ord519
ord660
ord553
ord558
ord666
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord592
ord593
ord594
ord595
ord303
ord702
ord598
ord599
ord520
ord309
ord709
ord631
ord632
ord525
ord526
EVENT_SINK_AddRef
ord527
ord528
ord529
ord561
DllFunctionCall
ord563
ord569
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
ord601
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord711
ord712
ord713
ord606
ord607
ord714
ord608
ord716
ord717
ord319
ProcCallEngine
ord535
ord536
ord537
ord644
ord645
ord570
ord648
ord571
ord572
ord573
EVENT_SINK2_AddRef
ord681
ord576
ord577
ord685
ord578
ord100
ord579
ord689
ord610
ord320
ord612
ord321
ord613
ord616
ord617
ord618
ord619
ord542
ord545
ord546
ord580
ord581

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
love.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 549KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
poop.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 161KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
small.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 340KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
svchost.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 608KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 683KB - Virtual size: 684KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6be4f1a61d1db4b6b18dc53103951226

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 412KB - Virtual size: 409KB

.data Size: - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

6be4f1a61d1db4b6b18dc53103951226

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 412KB - Virtual size: 409KB

.data Size: - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.1MB

UPX1 Size: 549KB - Virtual size: 552KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.4MB

UPX1 Size: 287KB - Virtual size: 288KB

.rsrc Size: 3KB - Virtual size: 4KB

58fb7fafd0cf99568cf6a5a9bf62c650

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 416KB - Virtual size: 412KB

.data Size: - Virtual size: 24KB

.rsrc Size: 8KB - Virtual size: 5KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 288KB

UPX1 Size: 161KB - Virtual size: 164KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 412KB - Virtual size: 409KB

.data Size: - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 288KB

UPX1 Size: 161KB - Virtual size: 164KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 412KB - Virtual size: 409KB

.data Size: - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 3KB

c9179e372a541182c6bc87250c48888f

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 2KB

71c67bccea8e3b2670f54d21be78fa58

Headers

File Characteristics

.text
Size: 412KB - Virtual size: 409KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 412KB - Virtual size: 409KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 549KB - Virtual size: 552KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 1.4MB

UPX1
Size: 287KB - Virtual size: 288KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 416KB - Virtual size: 412KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 288KB

UPX1
Size: 161KB - Virtual size: 164KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 412KB - Virtual size: 409KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 288KB

UPX1
Size: 161KB - Virtual size: 164KB

.rsrc
Size: 512B - Virtual size: 4KB

.text
Size: 412KB - Virtual size: 409KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 2KB

.text
Size: 284KB - Virtual size: 283KB

.data
Size: - Virtual size: 20KB

.rsrc
Size: 268KB - Virtual size: 265KB

UPX0
Size: - Virtual size: 4.1MB

UPX1
Size: 549KB - Virtual size: 552KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 296KB

UPX1
Size: 161KB - Virtual size: 164KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 416KB - Virtual size: 412KB

.data
Size: - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 5KB

UPX0
Size: - Virtual size: 3.1MB

UPX1
Size: 340KB - Virtual size: 344KB

.rsrc
Size: 3KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 608KB

UPX1
Size: 683KB - Virtual size: 684KB

.rsrc
Size: 1KB - Virtual size: 4KB