3ff28191f23eea9a4cd5b21d975666cc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3ff28191f23eea9a4cd5b21d975666cc_JaffaCakes118
Size

449KB
MD5

3ff28191f23eea9a4cd5b21d975666cc
SHA1

f8fc19eccc3a7d3610c85a07c11a22a2d066ac5b
SHA256

164ed5036183aeeb14fdbf77a3edbb3eaa482884345ac20accf12c0922796cd2
SHA512

2ca6450304901c73d8175f8ddd902a1c531de0b5a25df9d33f1909a60ccce56ba7558a66efe1285801d03f05e2d9b5617a474ee2fd01133a7f094d3b2bca4bd4
SSDEEP

12288:G842In13Gq2l0otfCfjfHKDN1+RUPOXOagVpZLJR:H0ZNkCrY+ePDpZLJR

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/exdata/PS3_Game_Integrity.exe	upx
static1/unpack001/exdata/ps3keys.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/exdata/PS3_Game_Integrity.exe
unpack002/out.upx
unpack001/exdata/delete_dups.exe
unpack001/exdata/ps3keys.exe
unpack003/out.upx

Files

3ff28191f23eea9a4cd5b21d975666cc_JaffaCakes118
.rar
exdata/PS3_Game_Integrity.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 280KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exdata/delete_dups.exe
.exe windows:4 windows x86 arch:x86

8a5f63aad17155e7174465e61ddce6fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm50

_CIcos
_adj_fptan
__vbaVarMove
__vbaHresultCheck
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord696
__vbaEnd
ord697
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaStrCat
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaOnError
__vbaStrLike
__vbaCyAdd
__vbaObjSet
ord595
_adj_fdiv_m16i
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaRefVarAry
__vbaBoolVarNull
_CIsin
ord631
ord632
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaGet3
ord529
__vbaVarTstEq
__vbaCyI4
ord561
__vbaVarLikeVar
DllFunctionCall
ord564
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord578
ord100
ord579
__vbaFpCy
__vbaVarAdd
__vbaStrToAnsi
__vbaStrComp
ord616
__vbaVarCopy
__vbaRecDestructAnsi
_CIatan
ord618
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaMidStmtBstr
ord580
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exdata/descriptions-md5.txt
exdata/descriptions-sha-1.txt
exdata/ps3keys.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 85KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exdata/raps.md5
exdata/remove bad files from exdata.bat
.bat .vbs

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 280KB

UPX1 Size: 86KB - Virtual size: 88KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 304KB - Virtual size: 304KB

.data Size: 512B - Virtual size: 5KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 27KB - Virtual size: 27KB

8a5f63aad17155e7174465e61ddce6fa

Headers

File Characteristics

Imports

msvbvm50

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 2KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 3KB - Virtual size: 3KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 288KB

UPX1 Size: 85KB - Virtual size: 88KB

.rsrc Size: 6KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 322KB - Virtual size: 322KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 27KB - Virtual size: 27KB

UPX0
Size: - Virtual size: 280KB

UPX1
Size: 86KB - Virtual size: 88KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 304KB - Virtual size: 304KB

.data
Size: 512B - Virtual size: 5KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 3KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 288KB

UPX1
Size: 85KB - Virtual size: 88KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 322KB - Virtual size: 322KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 27KB - Virtual size: 27KB