183ae0a5d45644d70ef87c164a933f1c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

183ae0a5d45644d70ef87c164a933f1c_JaffaCakes118
Size

832KB
MD5

183ae0a5d45644d70ef87c164a933f1c
SHA1

ee656ad7e2318bd82fe64cd4c30a9acd876fa788
SHA256

eb46ac69b3104f3cff1bf8321bacce6944e2b7bb23e946c901d385e5a0a49244
SHA512

ff3d4e9e80e250af2bbbf40368cbe37e8e0176d6b9c8f8c50886cb7a5f2e8c1fbf7b93db5a1cd19cd4d277a3711799f38557d7880ee72c2164902c0cc663a599
SSDEEP

24576:OJ036yDWgGjSeq5jY/+1otM9tOlteAS1B:OJ0qyDWgEtt+1otne5B

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/QQsend2010-41/QQsend2010.exe	upx
static1/unpack001/QQsend2010-41/rout.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQsend2010-41/QQsend2010.exe
unpack001/QQsend2010-41/rout.dll
unpack003/out.upx

Files

183ae0a5d45644d70ef87c164a933f1c_JaffaCakes118
.rar
QQsend2010-41/QQsend2010.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 508KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
QQsend2010-41/back.dat
.jpg
QQsend2010-41/back/0000.gif
QQsend2010-41/back/0001.gif
QQsend2010-41/back/0002.gif
.gif
QQsend2010-41/back/0003.gif
QQsend2010-41/back/0004.gif
QQsend2010-41/back/0005.gif
QQsend2010-41/back/0006.gif
QQsend2010-41/back/0007.gif
QQsend2010-41/back/0008.gif
QQsend2010-41/back/0009.gif
.gif
QQsend2010-41/back/0010.gif
.gif
QQsend2010-41/back/0011.gif
QQsend2010-41/back/0012.gif
QQsend2010-41/back/0013.gif
QQsend2010-41/back/0014.gif
QQsend2010-41/back/0015.gif
QQsend2010-41/back/0016.gif
QQsend2010-41/back/0017.gif
.gif
QQsend2010-41/back/0018.gif
QQsend2010-41/back/0019.gif
QQsend2010-41/back/0020.gif
QQsend2010-41/back/0021.gif
.gif
QQsend2010-41/back/0022.gif
QQsend2010-41/back/0023.gif
.gif
QQsend2010-41/back/0024.gif
.gif
QQsend2010-41/back/0025.gif
QQsend2010-41/back/0026.gif
.gif
QQsend2010-41/back/0027.gif
.gif
QQsend2010-41/back/0028.gif
.gif
QQsend2010-41/back/0029.gif
.gif
QQsend2010-41/back/0030.gif
QQsend2010-41/back/0031.gif
.gif
QQsend2010-41/back/0032.gif
QQsend2010-41/back/0033.gif
.gif
QQsend2010-41/back/0034.gif
.gif
QQsend2010-41/back/0035.gif
QQsend2010-41/back/0036.gif
QQsend2010-41/back/0037.gif
.gif
QQsend2010-41/back/0038.gif
QQsend2010-41/back/0039.gif
QQsend2010-41/back/0040.gif
QQsend2010-41/back/0041.gif
QQsend2010-41/back/0042.gif
QQsend2010-41/back/0043.gif
QQsend2010-41/back/0044.gif
QQsend2010-41/back/0045.gif
QQsend2010-41/back/0046.gif
.gif
QQsend2010-41/back/0047.gif
QQsend2010-41/back/0048.gif
QQsend2010-41/back/0049.gif
QQsend2010-41/back/0050.gif
QQsend2010-41/back/0051.gif
QQsend2010-41/back/0052.gif
QQsend2010-41/back/0053.gif
QQsend2010-41/back/0054.gif
QQsend2010-41/back/0055.gif
QQsend2010-41/back/0056.gif
QQsend2010-41/back/Thumbs.db
QQsend2010-41/rout.dll
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 420KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 241KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQsend2010-41/send.dat
一起下.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.1MB

UPX1 Size: 508KB - Virtual size: 512KB

.rsrc Size: 17KB - Virtual size: 20KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 420KB

UPX1 Size: 241KB - Virtual size: 244KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 428KB - Virtual size: 427KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 60KB - Virtual size: 133KB

.rsrc Size: 20KB - Virtual size: 19KB

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 508KB - Virtual size: 512KB

.rsrc
Size: 17KB - Virtual size: 20KB

UPX0
Size: - Virtual size: 420KB

UPX1
Size: 241KB - Virtual size: 244KB

.rsrc
Size: 5KB - Virtual size: 8KB

.text
Size: 428KB - Virtual size: 427KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 60KB - Virtual size: 133KB

.rsrc
Size: 20KB - Virtual size: 19KB