43355c9247e0cec68d0974e42b19ef67_JaffaCakes118

General

Target

43355c9247e0cec68d0974e42b19ef67_JaffaCakes118
Size

640KB
MD5

43355c9247e0cec68d0974e42b19ef67
SHA1

3453120bf74a5fc8b0bc3f568e07c3530013807f
SHA256

3ead447086fe6e36451066ccb011ede2318eec983ebebab141c80ad4f5896164
SHA512

e2682e3ebb0949aa01edeeb682bbacf8c5ab8c6e9aa977f50a98d817dd21bea4f665ca385c20724e1eefdc26beddec276f31d3eb22e80e2c2e2006d43148f750
SSDEEP

12288:RsdjqM6H4v6mR8COageJ7AZW8C/Mr3RCl8ypzmQE6:4jqZY6mRjHZq13V8mQE6

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/天堂7秒点1.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/天堂7秒点.exe
unpack001/天堂7秒点1.exe
unpack002/out.upx

Files

43355c9247e0cec68d0974e42b19ef67_JaffaCakes118
.rar
天堂7秒点.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

cnm0
Size: - Virtual size: 632KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

cnm1
Size: 331KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cnm
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
天堂7秒点1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 560KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

cnm0 Size: - Virtual size: 632KB

cnm1 Size: 331KB - Virtual size: 332KB

.rsrc Size: 37KB - Virtual size: 40KB

.cnm Size: 512B - Virtual size: 512B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 560KB

UPX1 Size: 280KB - Virtual size: 280KB

.rsrc Size: 29KB - Virtual size: 32KB

Headers

File Characteristics

Sections

.text Size: 488KB - Virtual size: 485KB

.rdata Size: 112KB - Virtual size: 110KB

.data Size: 60KB - Virtual size: 182KB

.rsrc Size: 44KB - Virtual size: 44KB

cnm0
Size: - Virtual size: 632KB

cnm1
Size: 331KB - Virtual size: 332KB

.rsrc
Size: 37KB - Virtual size: 40KB

.cnm
Size: 512B - Virtual size: 512B

UPX0
Size: - Virtual size: 560KB

UPX1
Size: 280KB - Virtual size: 280KB

.rsrc
Size: 29KB - Virtual size: 32KB

.text
Size: 488KB - Virtual size: 485KB

.rdata
Size: 112KB - Virtual size: 110KB

.data
Size: 60KB - Virtual size: 182KB

.rsrc
Size: 44KB - Virtual size: 44KB