xorist | 75191b0312aebc9d5fe6d03e8811a11b_JaffaCakes118 | Triage

Sharing

General

Target

75191b0312aebc9d5fe6d03e8811a11b_JaffaCakes118
Size

7KB
MD5

75191b0312aebc9d5fe6d03e8811a11b
SHA1

1665498c8373958239b5a1d524edca8babcdd203
SHA256

9103d39318bd1735df2eb88db26011c7d7ab6ba5c62a6703f8c71b6dd3049fbd
SHA512

c737fa9d0f659c16beec70cbaab390d09ca66f8a2fc706a366851fca47836af8da1e730ed26d5b969688921b5eaf35d6aa6c06e9965fee34c2f2068904215df6
SSDEEP

96:cSZhl8wdS+r3yOYW189fTwUVF0CWHyjk8P1LOmjXfihExZ9q8p8SAtV/p97pvpE+:5zdrr1FG1WDCgmjPZZFpkVxj2FMUA

Score

10^/10

upx xorist

Malware Config

Signatures

Detected Xorist Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/out.upx	family_xorist

Xorist family
xorist

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
75191b0312aebc9d5fe6d03e8811a11b_JaffaCakes118
unpack001/out.upx

Files

75191b0312aebc9d5fe6d03e8811a11b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE