06ee9ac9b46eae698b09ffa64bf00257_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

06ee9ac9b46eae698b09ffa64bf00257_JaffaCakes118
Size

56KB
MD5

06ee9ac9b46eae698b09ffa64bf00257
SHA1

557ba7443126487802ef3658ecfd004854c6ff8c
SHA256

1a8757d447c6a9cbfe22aa3c232e9b215d3b9bb25e5cc06e3bad0b3f5847ccc9
SHA512

6e50cf66b1b3dd5a62296ea1699b8def978046844f5340eee23e10a041939f551b85cb04ba5b167ffe1f5607d4af5efdb9a980c3f311820b6d8a6882c6ba4a14
SSDEEP

1536:3+6fDWv50fmeqrx5IaPloIpgR6bvyvlU1IX0YCKof7T:O6fq5eq7ZPloI1ry9vkYc7T

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/602.SQL.Server.v9.5.1.0427.Linux.Incl.Keygen.CZECH-rG/rg-s6sql.exe	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/602.SQL.Server.v9.5.1.0427.Linux.Incl.Keygen.CZECH-rG/rg-s6sql.exe

Files

06ee9ac9b46eae698b09ffa64bf00257_JaffaCakes118
.zip
602.SQL.Server.v9.5.1.0427.Linux.Incl.Keygen.CZECH-rG/file_id.diz
602.SQL.Server.v9.5.1.0427.Linux.Incl.Keygen.CZECH-rG/rg-s6sql.exe
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
602.SQL.Server.v9.5.1.0427.Linux.Incl.Keygen.CZECH-rG/rg.nfo
keygen.nfo