f5f55c2c2d6e42c75302b243e33777cd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f5f55c2c2d6e42c75302b243e33777cd_JaffaCakes118
Size

1.4MB
MD5

f5f55c2c2d6e42c75302b243e33777cd
SHA1

e2406e73f1c86b5cb130ffa90d3a65c9f540312d
SHA256

19b79c8253e187dc3e2101649c348000ea73b891de265cde4f2f9132ab89f234
SHA512

9fe3d777804dfe80661209a3398f0f91c33855a21de5b3fc926be9d818d99887ed63dcc9f2affe270dbf1a9d66acecff94ab87d1cd5c5bb6b447e06a920cf8a7
SSDEEP

24576:BdR5cBfQFAcEzjtUwJG0biMiJGS2jHzm5cTjBEWzJ00e+IxJE1pt6HtlANGiCLsq:DRSQWiwJTbijk0YPNWHE1pt6NRLCXrfc

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/QQltzs-v1.5/QQltzs/QQltzs.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQltzs-v1.5/QQltzs/Interest.dll
unpack001/QQltzs-v1.5/QQltzs/QQltzs.exe

Files

f5f55c2c2d6e42c75302b243e33777cd_JaffaCakes118
.rar
QQltzs-v1.5/QQltzs/Data.TXT
QQltzs-v1.5/QQltzs/Interest.dll
.dll windows:4 windows x86 arch:x86

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

MessageBoxA

kernel32

FreeLibrary
lstrcatA
GetModuleFileNameA
ExitProcess
LoadLibraryA
GetProcAddress
lstrlenA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

getresources
getweb

Sections

.text
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQltzs-v1.5/QQltzs/QQltzs.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 141KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQltzs-v1.5/QQltzs/config.ini
QQltzs-v1.5/QQltzs/说明.txt

Sharing

General

Malware Config

Signatures

Files

ae0a5112fe1176f4e5f6e1bc95e4c209

Headers

File Characteristics

Imports

user32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 808B

.rdata Size: 512B - Virtual size: 404B

.data Size: 512B - Virtual size: 20B

.reloc Size: 512B - Virtual size: 108B

.data Size: 1024B - Virtual size: 1024B

.data Size: 512B - Virtual size: 88B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 396KB

UPX1 Size: 141KB - Virtual size: 144KB

.rsrc Size: 159KB - Virtual size: 160KB

.text
Size: 1024B - Virtual size: 808B

.rdata
Size: 512B - Virtual size: 404B

.data
Size: 512B - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 108B

.data
Size: 1024B - Virtual size: 1024B

.data
Size: 512B - Virtual size: 88B

UPX0
Size: - Virtual size: 396KB

UPX1
Size: 141KB - Virtual size: 144KB

.rsrc
Size: 159KB - Virtual size: 160KB