gandcrab | f05a63b83b3705eb0ffb5108112b60f7_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f05a63b83b3705eb0ffb5108112b60f7_JaffaCakes118
Size

97KB
MD5

f05a63b83b3705eb0ffb5108112b60f7
SHA1

bd7c69da3156993a42cf3a36cce3cc3c4fa05103
SHA256

0f6be4390b03dbe30800d61ef57750ea391e8ab2b2e6cecbd9bed51188e88f7b
SHA512

9db1637a1b53cd317453bbc6eb040ead3ee30ce3e6425a45022e3b24147b6cd5523124538e49592939d2b59090286b52602237ac1e6291148087a8a1292f0774
SSDEEP

1536:gZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAEMqqU+2bbbAV2/S2LNmHkD:OBounVyFHFMqqDL2/LgHkc2

Score

10^/10

upx gandcrab

Malware Config

Signatures

GandCrab payload 1 IoCs

resource	yara_rule
sample	family_gandcrab

Gandcrab family
gandcrab

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f05a63b83b3705eb0ffb5108112b60f7_JaffaCakes118

Files

f05a63b83b3705eb0ffb5108112b60f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

_ReflectiveLoader@0

Sections

UPX0
Size: 62KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE