2ca21f2e571f7f5359d5538aa4569b7e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2ca21f2e571f7f5359d5538aa4569b7e_JaffaCakes118
Size

1.9MB
MD5

2ca21f2e571f7f5359d5538aa4569b7e
SHA1

da8eaeaeaec8516660140e790ce48efea55ba12b
SHA256

fab11eb43f857bbbca81eba1b79a72984d9eb6105285585ce939d2a7d6e1bb7b
SHA512

2ad237b0d6d16bdf3be5028278337e94f7097daaf4e3dd1d6d19c0c3834f1ab4299a48a4b52a9dd341e1d3274d131e76b988a325ffceb3856589e28a95e8c618
SSDEEP

49152:YSStQYc8x/c3t1Js7U/ybWQ4NSUm7GrZtOInJ9gsUXpxf:a+Y/x/c9MU/TjK6dhXmxf

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/dengni_YYduokai/等你YY多开器.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dengni_YYduokai/等你YY多开器.exe
unpack002/out.upx

Files

2ca21f2e571f7f5359d5538aa4569b7e_JaffaCakes118
.rar
dengni_YYduokai/河源下载站-cngr.cn.url
.url
dengni_YYduokai/淘宝热卖.url
.url
dengni_YYduokai/等你YY多开器.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 434KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ