3a45f83902cde77ddaf7f06246bec936_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a45f83902cde77ddaf7f06246bec936_JaffaCakes118
Size

374KB
MD5

3a45f83902cde77ddaf7f06246bec936
SHA1

9f4fbea03a4c5a07a61312252f6e4bb3e04c0172
SHA256

ab7d05110eac41126d715b4fe8b5cbc1a418d1dc2bb1bd6baf38fc5d67b63430
SHA512

a4385f83aa533ee401388ac2150537cee2eaf222253987a45ba7ba9acadaed7e30470c07cf1dbff1964cd9dbafa7e91f30c16628646e1dbe7e904ca047ccd913
SSDEEP

6144:g5vX85Y53pEC+L+pbKpbuXtd/n8Waxwlm8yu5PITyGq6Rrk7NAGTf7kv7TNopL8e:EyY53pFpO6/8W7lJ5gFq6R4Ndfgvxz0f

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ylhbotedit.exe	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ylhbotedit.exe
unpack001/yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ylhbotserver.exe

Files

3a45f83902cde77ddaf7f06246bec936_JaffaCakes118
.zip
yulihubot1.1/yulihubot1.1/77169.orgʹð˵.txt
yulihubot1.1/yulihubot1.1/77169.org˵.htm
.html
yulihubot1.1/yulihubot1.1/yulihubot1.1/77169.orgʹð˵.txt
yulihubot1.1/yulihubot1.1/yulihubot1.1/77169.org˵.htm
.html
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/77169.orgʹð˵.txt
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/77169.org˵.htm
.html
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ylhbotedit.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 500KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PP1
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ylhbotserver.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

�0H0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

P0X1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ʹ˵.txt
yulihubot1.1/yulihubot1.1/yulihubot1.1/yulihubot1.1/ĺڿͬ.url
yulihubot1.1/yulihubot1.1/yulihubot1.1/ĺڿͬ.url
yulihubot1.1/yulihubot1.1/ĺڿͬ.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 500KB

PP1 Size: 324KB - Virtual size: 324KB

.rsrc Size: 5KB - Virtual size: 8KB

Headers

File Characteristics

Sections

�0H0 Size: - Virtual size: 64KB

P0X1 Size: 30KB - Virtual size: 32KB

.rsrc Size: 1024B - Virtual size: 4KB

UPX0
Size: - Virtual size: 500KB

PP1
Size: 324KB - Virtual size: 324KB

.rsrc
Size: 5KB - Virtual size: 8KB

�0H0
Size: - Virtual size: 64KB

P0X1
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 1024B - Virtual size: 4KB