f593fea13065c445752f0f820b5e10ac_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f593fea13065c445752f0f820b5e10ac_JaffaCakes118
Size

2.1MB
MD5

f593fea13065c445752f0f820b5e10ac
SHA1

c79616427ac99aaceb05bf53630836aaa0b0670f
SHA256

ba86d1920ddb582ea3e3d3ae2d664dbaa9afd321e0a8a8f456feb1bbc312247c
SHA512

a78775e62726bbdee6e3016f57643c74bf724ba7cec87d933a24672261901e7e081ca4577d685a2b0c654e702bf739298e87353ea78194c2e901efb02ef785f2
SSDEEP

49152:+uMV+w7nh3f4mDN5TkF+VN1dhVoJXI68kJJIoPpNRqA0:+u++Inh3QMN5TkF+vjxEQP

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Windows7系统助手/AssiStant.exe	upx
static1/unpack001/Windows7系统助手/tools/LockScreen.exe	upx
static1/unpack001/Windows7系统助手/tools/memorandum.exe	upx
static1/unpack001/Windows7系统助手/tools/shutdown.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Windows7系统助手/AssiStant.exe
unpack002/out.upx
unpack001/Windows7系统助手/tools/LockScreen.exe
unpack003/out.upx
unpack001/Windows7系统助手/tools/memorandum.exe
unpack004/out.upx
unpack001/Windows7系统助手/tools/shutdown.exe
unpack005/out.upx

Files

f593fea13065c445752f0f820b5e10ac_JaffaCakes118
.rar
Windows7系统助手/AssiStant.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 765KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 832KB - Virtual size: 828KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7系统助手/tools/LockScreen.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 484KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 592KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1012KB - Virtual size: 1008KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7系统助手/tools/memorandum.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 415KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 572KB - Virtual size: 569KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 604KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Windows7系统助手/tools/shutdown.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 386KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 564KB - Virtual size: 563KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.6MB

UPX1 Size: 765KB - Virtual size: 768KB

.rsrc Size: 174KB - Virtual size: 176KB

Headers

File Characteristics

Sections

.text Size: 832KB - Virtual size: 828KB

.rdata Size: 4.0MB - Virtual size: 4.0MB

.data Size: 68KB - Virtual size: 299KB

.rsrc Size: 196KB - Virtual size: 193KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.6MB

UPX1 Size: 484KB - Virtual size: 488KB

.rsrc Size: 174KB - Virtual size: 176KB

Headers

File Characteristics

Sections

.text Size: 592KB - Virtual size: 589KB

.rdata Size: 1012KB - Virtual size: 1008KB

.data Size: 68KB - Virtual size: 267KB

.rsrc Size: 192KB - Virtual size: 188KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 415KB - Virtual size: 416KB

.rsrc Size: 174KB - Virtual size: 176KB

Headers

File Characteristics

Sections

.text Size: 572KB - Virtual size: 569KB

.rdata Size: 604KB - Virtual size: 600KB

.data Size: 68KB - Virtual size: 231KB

.rsrc Size: 192KB - Virtual size: 188KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.2MB

UPX1 Size: 386KB - Virtual size: 388KB

.rsrc Size: 174KB - Virtual size: 176KB

Headers

File Characteristics

Sections

.text Size: 564KB - Virtual size: 563KB

.rdata Size: 552KB - Virtual size: 549KB

.data Size: 68KB - Virtual size: 255KB

.rsrc Size: 192KB - Virtual size: 188KB

UPX0
Size: - Virtual size: 4.6MB

UPX1
Size: 765KB - Virtual size: 768KB

.rsrc
Size: 174KB - Virtual size: 176KB

.text
Size: 832KB - Virtual size: 828KB

.rdata
Size: 4.0MB - Virtual size: 4.0MB

.data
Size: 68KB - Virtual size: 299KB

.rsrc
Size: 196KB - Virtual size: 193KB

UPX0
Size: - Virtual size: 1.6MB

UPX1
Size: 484KB - Virtual size: 488KB

.rsrc
Size: 174KB - Virtual size: 176KB

.text
Size: 592KB - Virtual size: 589KB

.rdata
Size: 1012KB - Virtual size: 1008KB

.data
Size: 68KB - Virtual size: 267KB

.rsrc
Size: 192KB - Virtual size: 188KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 415KB - Virtual size: 416KB

.rsrc
Size: 174KB - Virtual size: 176KB

.text
Size: 572KB - Virtual size: 569KB

.rdata
Size: 604KB - Virtual size: 600KB

.data
Size: 68KB - Virtual size: 231KB

.rsrc
Size: 192KB - Virtual size: 188KB

UPX0
Size: - Virtual size: 1.2MB

UPX1
Size: 386KB - Virtual size: 388KB

.rsrc
Size: 174KB - Virtual size: 176KB

.text
Size: 564KB - Virtual size: 563KB

.rdata
Size: 552KB - Virtual size: 549KB

.data
Size: 68KB - Virtual size: 255KB

.rsrc
Size: 192KB - Virtual size: 188KB