e1ea2d8d47d735ee72b629eeb0e4914f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1ea2d8d47d735ee72b629eeb0e4914f_JaffaCakes118
Size

484KB
MD5

e1ea2d8d47d735ee72b629eeb0e4914f
SHA1

1f017ffbabf771841ac893e687235eaddf9369f4
SHA256

369af39cf1f15545eba68343e6ee8226a653ff1606a60b5132e089cf3b2da93f
SHA512

382de8c52fb38fdb2b03e1b6f27ad63c18d09ec7a0ffcb0562e59528808cbe40e7df982ca92f9ad3063099348cbc10932a64981f103a3149a53e7ddd09d061f4
SSDEEP

12288:EW5173DInl1Pg+XiiUkpbzi3RC/7OHOgz8rz5/lnf:EWXe/PgJpkpb+BSgz8rz59nf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/realplay声道控制/realvol.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/activator4.1.exe
unpack001/realplay声道控制/realvol.exe

Files

e1ea2d8d47d735ee72b629eeb0e4914f_JaffaCakes118
.rar
Readme.txt
activator4.1.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.PATCH
Size: 1KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.master
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
realplay声道控制/Readme.txt
realplay声道控制/realvol.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 532KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 457KB - Virtual size: 460KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
realplay声道控制/realvol.ini

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 1024B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.rsrc Size: 21KB - Virtual size: 40KB

.PATCH Size: 1KB - Virtual size: 8KB

.master Size: 5KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 532KB

UPX1 Size: 457KB - Virtual size: 460KB

.rsrc Size: 11KB - Virtual size: 12KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 1024B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.rsrc
Size: 21KB - Virtual size: 40KB

.PATCH
Size: 1KB - Virtual size: 8KB

.master
Size: 5KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

UPX0
Size: - Virtual size: 532KB

UPX1
Size: 457KB - Virtual size: 460KB

.rsrc
Size: 11KB - Virtual size: 12KB