f9d9606cb11d5332000e082c5a2fea6c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9d9606cb11d5332000e082c5a2fea6c_JaffaCakes118
Size

778KB
MD5

f9d9606cb11d5332000e082c5a2fea6c
SHA1

e1c6597c2d91d1053e8e57593c5e5869b3ec158c
SHA256

aa956b696c3a60e74c4a2c8556952820461c2664c419d1561764d4333ca37f20
SHA512

a3e0032f91fe6366d689f8a5e7cd902139435038450d2d324c0d4ae92308ed1bce25d0289d8768bb5ce3dabfbce2a7e0ada34423bf4518ea1422fa22c6d6ab3d
SSDEEP

12288:/Lppy+p5WKBmzEPls2uIadm+BxUwNWh2RXVOjQMLg1qPRIZ0:jDH0zEtFuIadXxUoWh2LM0YOm

Score

5^/10

upx

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ReSystem/ReSystem_X32.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ReSystem/ReSystem_X32.exe
unpack002/out.upx
unpack001/ReSystem/ReSystem_X64.exe

Files

f9d9606cb11d5332000e082c5a2fea6c_JaffaCakes118
.rar
ReSystem/ReSystem_X32.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ReSystem/ReSystem_X64.exe
.exe windows:5 windows x64 arch:x64

e57fc6312ca3ab50d2df0dc1e0e64207

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

wsock32

__WSAFDIsSet

version

VerQueryValueW

winmm

timeGetTime

comctl32

ImageList_Remove

mpr

WNetGetConnectionW

wininet

FtpOpenFileW

psapi

EnumProcesses

userenv

LoadUserProfileW

user32

GetDC

gdi32

LineTo

comdlg32

GetSaveFileNameW

advapi32

GetAce

shell32

DragFinish

ole32

CoInitialize

oleaut32

SafeArrayAllocData

Sections

.MPRESS1
Size: 282KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 351KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ReSystem/Readme.txt
ReSystem/Res/Icon.ico

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 788KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 353KB - Virtual size: 356KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 356KB - Virtual size: 355KB

e57fc6312ca3ab50d2df0dc1e0e64207

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wsock32

version

winmm

comctl32

mpr

wininet

psapi

userenv

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.MPRESS1 Size: 282KB - Virtual size: 1.2MB

.MPRESS2 Size: 4KB - Virtual size: 3KB

.rsrc Size: 351KB - Virtual size: 350KB

UPX0
Size: - Virtual size: 788KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 353KB - Virtual size: 356KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 356KB - Virtual size: 355KB

.MPRESS1
Size: 282KB - Virtual size: 1.2MB

.MPRESS2
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 351KB - Virtual size: 350KB