d6eb5940fdaf38380e3971896c4bf243_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6eb5940fdaf38380e3971896c4bf243_JaffaCakes118
Size

735KB
MD5

d6eb5940fdaf38380e3971896c4bf243
SHA1

80e726a6c1069b30dd44fb934e161403a1913504
SHA256

cc0b151055e7d4bceeb128577123ceeea39cf4078d3ecd0ead1fb5245d50e0f9
SHA512

1d8ba61a790c3253302fa931f9329d592a7fca7b12fa16a2422447078466ea8a5777e11c94ec5d0786cd5fe36b682aaafa6511ca7c134bae2a91125942e965ab
SSDEEP

12288:lnSL2CAwI1U7tUEKdkweCdwdGti/WLvKmVDaKLeUngjTrft15OZ+CDVXK+H43a9X:lnSajGDCdM/W+uDaKATr1PA+YKO4yzxF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Victoria 4.47 for x64/vcr447.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Victoria 4.47 for x64/porttalk.sys
unpack001/Victoria 4.47 for x64/vcr447.exe

Files

d6eb5940fdaf38380e3971896c4bf243_JaffaCakes118
.zip
Victoria 4.47 for x64/dummi.htm
Victoria 4.47 for x64/fixes447.txt
Victoria 4.47 for x64/porttalk.sys
.sys windows:5 windows x86 arch:x86

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
MmAllocateNonCachedMemory
Ke386IoSetAccessProcess
IoCreateSymbolicLink
RtlInitUnicodeString
IoDeleteDevice
IoDeleteSymbolicLink
MmFreeNonCachedMemory
Ke386SetIoAccessMap
IofCompleteRequest
PsLookupProcessByProcessId

hal

WRITE_PORT_UCHAR
READ_PORT_UCHAR

Sections

.text
Size: 736B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 448B - Virtual size: 440B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 992B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 96B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Victoria 4.47 for x64/vcr40.ini
Victoria 4.47 for x64/vcr447.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

Size: 66.9MB - Virtual size: 16KB

Size: 67.2MB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA

Size: - Virtual size:

Size: - Virtual size: 67.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

Size: - Virtual size:
Victoria 4.47 for x64/vichlp.htm
.html

Sharing

General

Malware Config

Signatures

Files

a9829c217b84b04d4d54693885594f4e

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

Sections

.text Size: 736B - Virtual size: 714B

.rdata Size: 160B - Virtual size: 148B

.data Size: 32B - Virtual size: 4B

INIT Size: 448B - Virtual size: 440B

.rsrc Size: 992B - Virtual size: 984B

.reloc Size: 96B - Virtual size: 82B

Headers

File Characteristics

Sections

 Size: 66.9MB - Virtual size: 16KB

Size: 67.2MB - Virtual size: 4B

���� Size: - Virtual size:

Size: - Virtual size:

Size: - Virtual size: 67.0MB

Size: - Virtual size:

.text
Size: 736B - Virtual size: 714B

.rdata
Size: 160B - Virtual size: 148B

.data
Size: 32B - Virtual size: 4B

INIT
Size: 448B - Virtual size: 440B

.rsrc
Size: 992B - Virtual size: 984B

.reloc
Size: 96B - Virtual size: 82B

Size: 66.9MB - Virtual size: 16KB

��
Size: - Virtual size: