f52a8b3416fc6c79573f3ba183c04aeb_JaffaCakes118

General

Target

f52a8b3416fc6c79573f3ba183c04aeb_JaffaCakes118
Size

41KB
MD5

f52a8b3416fc6c79573f3ba183c04aeb
SHA1

0f4f16ae3a57a8f1a5a6db6489d79ee3e7b408af
SHA256

e4425a976c5f5a01029184d96cede4678bcf1499ba4bc3e464ce7ccdd13d7ffe
SHA512

f63dfe811bc6296d1e2426b8b19f985a05f6889ab52b200088547f558d4703b83780f858bd990d92c1b6c81962959e0f2fd1ad4665448713177532d7ea57bc70
SSDEEP

768:tefi7HLaei7NIv7E4p8RmGxVBAcUsYqAR:cq7HL9i7NIjNp8Rmc+cs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f52a8b3416fc6c79573f3ba183c04aeb_JaffaCakes118

Files

f52a8b3416fc6c79573f3ba183c04aeb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

37368ad05bad4b0c35ca69e4a24fcd32

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
GetVersionExA
FindResourceA
LoadResource
GetWindowsDirectoryA
GetPrivateProfileSectionA
GetPrivateProfileStringA
GetComputerNameA
GetLocalTime
GetTimeZoneInformation
ExitProcess
Sleep
GetModuleFileNameA
GetSystemDirectoryA
CopyFileA

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

mfc42

msvcrt

ftell
strncpy
fclose
_except_handler3
_controlfp
__p__commode
__set_app_type
__p__fmode
_initterm
_adjust_fdiv
__setusermatherr
exit
__getmainargs
_acmdln
_onexit
_XcptFilter
_exit
fseek
__dllonexit
fopen
fread
strlen
abs
strcat
fwrite
strstr
sprintf
memset
strcpy
_EH_prolog
__CxxFrameHandler
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
strrchr
_setmbcp
_itoa
_stricmp

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA

user32

UpdateWindow
SendMessageA
WinHelpA
EnableWindow
CharLowerA
GetWindowTextA
GetForegroundWindow

wsock32

Sections

UPX0
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

37368ad05bad4b0c35ca69e4a24fcd32

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

shell32

user32

wsock32

Sections

UPX0 Size: 36KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB