de584bb5d883d90c01abce51f431ef2c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

de584bb5d883d90c01abce51f431ef2c_JaffaCakes118
Size

286KB
MD5

de584bb5d883d90c01abce51f431ef2c
SHA1

da998a3133e9fd3771e41e0de7ef6ac8c33b14be
SHA256

00d7cdc61866294253a5d785497cfd12b9deb26f8be2936dcee8d2330616481b
SHA512

d26eee131d89b928b796dece3ad3614c3f08e8485e66a5a8def400e6900d100477f9a69d4eae615844e47f852b99ed981f149494cc0a45399a258fad5109a038
SSDEEP

6144:GhNnKtgFfevPrYY6r3EduftOLQx66OLUhgZZaE0p/83C+14q9Mz:aNp2vjYYK3EdoMEx6pLU2KES/8S+1Hi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/魔兽争霸3修改器_new.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/魔兽争霸3修改器_new.exe
unpack002/out.upx

Files

de584bb5d883d90c01abce51f431ef2c_JaffaCakes118
.zip
魔兽争霸3修改器_new.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 652KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 564KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ