3b2a2df927a4302c2939f0d9a484ce0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3b2a2df927a4302c2939f0d9a484ce0f_JaffaCakes118
Size

1.0MB
MD5

3b2a2df927a4302c2939f0d9a484ce0f
SHA1

f0f4e1c21b9711b72923c8b96e8325d8807ba026
SHA256

5fb3606c104ef9ba8538800443a6d1a86674c001dfee56254fecab9029af74ce
SHA512

db5b6bdf216bc6a8c5b156efffad113b1019480f3c3ef063a025553a21106f1d32800e769e46c40333d3056ee57e3f98a1a19c0a0989ee860eb435b465a25f4d
SSDEEP

24576:oo2Huxv3mTnRhpMXTBdOS+hmbz63uhoTAn69ScIiln7OD+8F75qLHtm:SOx/aRhpMdoV6sLT8mn7OD+y7Etm

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/QQ空间极速人气王v1.3版本/QQ空间极速人气王.exe	upx
static1/unpack001/QQ空间极速人气王v1.3版本/人气软件24小时保护伞.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/QQ空间极速人气王v1.3版本/QQ空间极速人气王.exe
unpack002/out.upx
unpack001/QQ空间极速人气王v1.3版本/update.exe
unpack001/QQ空间极速人气王v1.3版本/人气软件24小时保护伞.exe
unpack003/out.upx

Files

3b2a2df927a4302c2939f0d9a484ce0f_JaffaCakes118
.rar
QQ空间极速人气王v1.3版本/QQ空间极速人气王.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 605KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ空间极速人气王v1.3版本/update.exe
.exe windows:4 windows x86 arch:x86

58faa43a4ab44871048d9c3cbd4853fb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

URLDownloadToFileA

msvbvm60

EVENT_SINK_GetIDsOfNames
ord588
MethCallEngine
EVENT_SINK_Invoke
ord518
Zombie_GetTypeInfo
EVENT_SINK2_Release
ord595
ord598
EVENT_SINK_AddRef
ord529
DllFunctionCall
ord670
Zombie_GetTypeInfoCount
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
ord319
ord537
ord645
EVENT_SINK2_AddRef
ord576
ord685
ord100
ord320
ord321
ord616
ord619

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ空间极速人气王v1.3版本/下载说明.txt
QQ空间极速人气王v1.3版本/人气软件24小时保护伞.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 840KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 564KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 260KB - Virtual size: 561KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQ空间极速人气王v1.3版本/绿色下载站.url
.url

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.5MB

UPX1 Size: 605KB - Virtual size: 608KB

.rsrc Size: 22KB - Virtual size: 24KB

Headers

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 240KB - Virtual size: 236KB

.data Size: 132KB - Virtual size: 600KB

.rsrc Size: 44KB - Virtual size: 42KB

58faa43a4ab44871048d9c3cbd4853fb

Headers

File Characteristics

Imports

urlmon

msvbvm60

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: - Virtual size: 2KB

.rsrc Size: 16KB - Virtual size: 12KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 840KB

UPX1 Size: 432KB - Virtual size: 432KB

.rsrc Size: 14KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 564KB - Virtual size: 560KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 260KB - Virtual size: 561KB

.rsrc Size: 36KB - Virtual size: 35KB

UPX0
Size: - Virtual size: 1.5MB

UPX1
Size: 605KB - Virtual size: 608KB

.rsrc
Size: 22KB - Virtual size: 24KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 240KB - Virtual size: 236KB

.data
Size: 132KB - Virtual size: 600KB

.rsrc
Size: 44KB - Virtual size: 42KB

.text
Size: 40KB - Virtual size: 39KB

.data
Size: - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 12KB

UPX0
Size: - Virtual size: 840KB

UPX1
Size: 432KB - Virtual size: 432KB

.rsrc
Size: 14KB - Virtual size: 16KB

.text
Size: 564KB - Virtual size: 560KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 260KB - Virtual size: 561KB

.rsrc
Size: 36KB - Virtual size: 35KB