ebeb1d9591e22ce838284e67c01e6784_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebeb1d9591e22ce838284e67c01e6784_JaffaCakes118
Size

483KB
MD5

ebeb1d9591e22ce838284e67c01e6784
SHA1

ef1bf0b44c638fb79336f8a1ca398599a653779d
SHA256

c18d26df723627ba7377be46369d1bca8527eee38bbb6d659ce9e09978a3927d
SHA512

2f13f932aa07aecbb52bfe7a7e9473f4a06fbdbd2177292d654db3ab40c6e495257b2b00942ea7d8ea21cc9d607a75e71e2b2a95d9a427487aa6c83a8459f727
SSDEEP

6144:hjIeD6ski+C+KG/M7AyLYwj7GN9bHni0uyUojHk:hjIeDp+C+Khsy8eZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebeb1d9591e22ce838284e67c01e6784_JaffaCakes118

Files

ebeb1d9591e22ce838284e67c01e6784_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a647537fc82040cdba84b223b9dc88f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
WaitForSingleObject
Sleep
TerminateThread
GetExitCodeThread
CreateThread
OpenProcess
ExitProcess
GetLastError
LoadLibraryA
MulDiv
GetCurrentThreadId
lstrlenA
CloseHandle
FreeResource
GetProcAddress
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
GetWindowsDirectoryA
CreateFileA
WriteFile
CopyFileA
GetCommandLineA
ExitThread
SizeofResource
GetCurrentProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
UnhandledExceptionFilter
GetModuleFileNameA
SetLastError
TlsGetValue
TlsSetValue
SetStdHandle
TlsAlloc
GetStdHandle
SetHandleCount
GetFileType
VirtualAlloc
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
HeapCreate
HeapDestroy
VirtualFree
GetVersion
GetStartupInfoA
ReadFile
HeapSize
HeapReAlloc
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
GetSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
LCMapStringW
LCMapStringA
SetEndOfFile
GetOEMCP
GetACP
LeaveCriticalSection
MultiByteToWideChar
GetLocalTime
GetCPInfo
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RtlUnwind
HeapFree
GetTimeZoneInformation
HeapAlloc
EnterCriticalSection

advapi32

RegCloseKey
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA

gdi32

CreateFontA
SetBkMode
SelectObject
CreateSolidBrush
GetStockObject
GetDeviceCaps

shell32

ShellExecuteA

user32

SetDlgItemTextA
GetClassNameA
MessageBoxA
SendMessageA
EndDialog
SendDlgItemMessageA
GetDC
GetDlgItem
ReleaseDC
InvalidateRect
FindWindowA
DialogBoxParamA
EnumWindows
PostMessageA
GetWindowThreadProcessId
TranslateMessage
GetMessageA
RegisterClassA
DispatchMessageA
LoadCursorA
CreateWindowExA
wsprintfA
SystemParametersInfoA
GetDlgItemTextA
DestroyWindow
PostThreadMessageA
ShowWindow
SetTimer
SetWindowTextA
GetClientRect
DefWindowProcA
BeginPaint
EndPaint
FillRect
DrawTextA
GetWindowTextA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

bind
listen
accept
WSACleanup
send
WSAStartup
gethostbyname
setsockopt
connect
recv
shutdown
socket
htons
inet_addr
closesocket
sendto

Sections

UPX0
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a647537fc82040cdba84b223b9dc88f2

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shell32

user32

version

wsock32

Sections

UPX0 Size: 472KB - Virtual size: 472KB

.rsrc Size: 7KB - Virtual size: 8KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 472KB - Virtual size: 472KB

.rsrc
Size: 7KB - Virtual size: 8KB

.avp
Size: 3KB - Virtual size: 4KB