282c8e7e5a1c1ee4dd687494ff903da3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

282c8e7e5a1c1ee4dd687494ff903da3_JaffaCakes118
Size

29KB
MD5

282c8e7e5a1c1ee4dd687494ff903da3
SHA1

463ca29700c683ae84b20cb3e9d95618b83d5753
SHA256

6645cdff753a535f393b421cab812c894efb42275e0690ba2334b62f4034c0f3
SHA512

aaf7d71b1b0e33a00b4c5b590424fe7770b7a51901eeafffae8c272f2f5bac02ad8717013c07dd5ec2fd315a973e91fc94e53daf850316d98b37d54b4d2ffbb8
SSDEEP

768:+7XuFL7IVFmEr3vjrnb7KMjlGEpB67h+FfItEfAA9:+zuFadbbbb+MZGqfqEfAA9

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/hsyn/go.dat	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/hsyn/go.dat
unpack001/hsyn/hsyn.exe

Files

282c8e7e5a1c1ee4dd687494ff903da3_JaffaCakes118
.zip
hsyn/##ע##.txt
hsyn/77169.orgʹð˵.txt
hsyn/77169.org˵.htm
.html
hsyn/go.dat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
hsyn/hsyn.exe
.exe windows:4 windows x86 arch:x86

ef054d16b201e37d51a24a8f52ed9048

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaStrCat
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarDup
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
_CItan
_CIexp

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
hsyn/ĺڿͬ.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 16KB - Virtual size: 16KB

.rsrc Size: 2KB - Virtual size: 4KB

ef054d16b201e37d51a24a8f52ed9048

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 2KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 2KB