darkcomet | 45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118 | Triage

Sharing

General

Target

45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118
Size

383KB
MD5

45c7ee4bed00a5fd364b477e874fc849
SHA1

b5f3d363663b4a30302f7aa0bd71a091b9c72c04
SHA256

efa221bd1f00a64e77ac1963987bd7a2ec1b96cb449970d0f01c98938ebdb6a4
SHA512

d3dc25bbc2f0a76dc27691c334d9602d268622bcf509665bc9c4442bdab67b9b983bf4a33b8aa7a9efc004d79989beb7067d0f9d4c18c7358fadd12e4a7c1001
SSDEEP

6144:szLhp3fD0scN5iULQQTFwK2BA/iV3W7x/JkpnyG88HpdFIB0MDXMe7uLZ1IMGIGW:khpvotN5VLQQKeiLyG8afFC0MDXMe7OH

Score

10^/10

upx darkcomet

Malware Config

Signatures

Darkcomet family
darkcomet

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118
unpack001/out.upx

Files

45c7ee4bed00a5fd364b477e874fc849_JaffaCakes118
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 396KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 381KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ