f02f41187b5e6e67cf061b70d94ff73c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f02f41187b5e6e67cf061b70d94ff73c_JaffaCakes118
Size

140KB
MD5

f02f41187b5e6e67cf061b70d94ff73c
SHA1

aca9f737546e09a6790e8651033303ef2178f571
SHA256

dc808a484ea1161d526d063ec25eb77b0b013ab811409654a14adea37de5e15c
SHA512

04de25b279113db6b625d0f295ad52a9da16c3b307ba80d63399be2de12c865d4d956681ed5ef851ecda730e69ab93967651c8f325db2204a565ebd1b4579981
SSDEEP

1536:Bpmm3YId7RALhsYJ7ONHHyrzQQvjbhQGFCeb8/jqLmfygphMU2O5XdfIv7kinpgK:71NLAf7ONnAzhh0ebrXU2O5X0wn84goG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f02f41187b5e6e67cf061b70d94ff73c_JaffaCakes118

Files

f02f41187b5e6e67cf061b70d94ff73c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd218cf6b71d15acb76ecd1e1a966e02

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tapicfg.pdb

Imports

msvcrt

fflush
_iob
_except_handler3
wprintf
wcschr
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_local_unwind2
_wcsicmp
wcslen
wcscpy
wcscat
_controlfp
toupper
free
malloc
_itow
setlocale
sprintf

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW

kernel32

GetStdHandle
GetConsoleScreenBufferInfo
SetThreadUILanguage
GetConsoleOutputCP
LocalFree
SetUnhandledExceptionFilter
GetLastError
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FormatMessageW
LocalAlloc
UnhandledExceptionFilter

ntdsapi

DsCrackNamesW
DsFreeNameResultW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

wldap32

ord145
ord73
ord13
ord157
ord118
ord18
ord155
ord147
ord27
ord12
ord14
ord208
ord26
ord21
ord140
ord41
ord65
ord133
ord69
ord113
ord224

user32

wsprintfW

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd218cf6b71d15acb76ecd1e1a966e02

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdsapi

rpcrt4

wldap32

user32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 17KB

.rsrc Size: 14KB - Virtual size: 14KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 17KB

.rsrc
Size: 14KB - Virtual size: 14KB

.UPX0
Size: 108KB - Virtual size: 260KB