00eddf3179d24496d6a411754c07de40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00eddf3179d24496d6a411754c07de40_JaffaCakes118
Size

4.6MB
MD5

00eddf3179d24496d6a411754c07de40
SHA1

539b62ed7d5f09ecae358f3bbfc799e4148e6435
SHA256

d190e012b65c5c8c3ce3eb399669dddf3a21e0ae0322835b331730ddf89c9eb8
SHA512

a6a7343e4bd0f0e585b44babdef1ff0d3f78f517070a1984a135245e58c68a73f5930a9f41aa99e9e940ce5383671e506193b98e7257ff32768c61b509ba01c9
SSDEEP

98304:vSmO6zR5CGXWAeM/ckBXR12MkqAuv7ZyuRTj2zv2umLawL5ctIiK5lPr0:lORGXWIFphAuv7ZnjqOumLawFcuJB0

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/InfoManager/InfoManager/InfoManager.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InfoManager/InfoManager/InfoManager.exe
unpack001/InfoManager/InfoManager/accon.ocx

Files

00eddf3179d24496d6a411754c07de40_JaffaCakes118
.rar
InfoManager/InfoManager/InfoManager.dat
InfoManager/InfoManager/InfoManager.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 4.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InfoManager/InfoManager/InfoManager.ldb
InfoManager/InfoManager/InfoManager.upd
InfoManager/InfoManager/Infomanager.chm
.chm
InfoManager/InfoManager/accon.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

c6a6aab6b55c122a3e43dfd8c1888f74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetKeyboardType

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

UnrealizeObject

ole32

CreateStreamOnHGlobal

comctl32

ImageList_SetIconSize

shell32

ShellExecuteA

wsock32

WSACleanup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

CODE
Size: 198KB - Virtual size: 556KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
InfoManager/InfoManager/default.gif
.gif
InfoManager/InfoManager/default.htm
.html

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 4.9MB

UPX1 Size: 2.0MB - Virtual size: 2.0MB

.rsrc Size: 33KB - Virtual size: 36KB

c6a6aab6b55c122a3e43dfd8c1888f74

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

ole32

comctl32

shell32

wsock32

Exports

Exports

Sections

CODE Size: 198KB - Virtual size: 556KB

.rsrc Size: 51KB - Virtual size: 51KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 512B - Virtual size: 512B

UPX0
Size: - Virtual size: 4.9MB

UPX1
Size: 2.0MB - Virtual size: 2.0MB

.rsrc
Size: 33KB - Virtual size: 36KB

CODE
Size: 198KB - Virtual size: 556KB

.rsrc
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 512B - Virtual size: 512B