f88ab82ff8a1c5efded90ed134db5de6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f88ab82ff8a1c5efded90ed134db5de6_JaffaCakes118
Size

441KB
MD5

f88ab82ff8a1c5efded90ed134db5de6
SHA1

ffc2bf25509bef4d79e3851c573748c34c96aa5d
SHA256

24e535ce6f253b1b3fca20c6576e829a9b9d250ee91e238e9d94dbe67873f37b
SHA512

acec3a5247fcf155f584b5126e83a435054a44e74e9e4200ffe447b1772afa4e889659ad43ece4516a791e499f07f377546311b8ad1121970c2a8ffa4b531489
SSDEEP

12288:8pl1PNLo88Kd+gHzpFiKXPFLoAD8k+2LBPSaWIyX6ESkEW3j:8p7PNLOKd+g9Fi6PFL+t2VPJAh1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/18-10-2011/Abefox.com	upx
static1/unpack001/18-10-2011/Comprovante_Boleto10035.com	upx
static1/unpack001/18-10-2011/Orcamento_Materiais.exe	upx
static1/unpack001/18-10-2011/pedido.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/18-10-2011/Abefox.com
unpack002/out.upx
unpack001/18-10-2011/Boleto_Impressao_PDF.com
unpack001/18-10-2011/Comprovante_Boleto10035.com
unpack003/out.upx
unpack001/18-10-2011/Orcamento_Materiais.exe
unpack004/out.upx
unpack001/18-10-2011/pedido.exe
unpack005/out.upx

Files

f88ab82ff8a1c5efded90ed134db5de6_JaffaCakes118
.rar
18-10-2011/Abefox.com
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
18-10-2011/Boleto_Impressao_PDF.com
.exe windows:4 windows x86 arch:x86

2841dc5196f44081d95fd073bb8eb06d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord519
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
ord666
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaBoolVarNull
_CIsin
ord631
__vbaChkstk
EVENT_SINK_AddRef
ord527
__vbaStrCmp
__vbaI2I4
__vbaObjVar
DllFunctionCall
__vbaVarOr
_adj_fpatan
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaInStrVar
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarCmpEq
__vbaLateMemCall
__vbaVarDup
__vbaFreeVarg
ord616
__vbaFpI4
__vbaVarCopy
__vbaR8IntI2
__vbaLateMemCallLd
_CIatan
ord618
__vbaCastObj
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
__vbaFreeStr
__vbaFreeObj

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
18-10-2011/Comprovante_Boleto10035.com
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 149KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 318KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
18-10-2011/Orcamento_Materiais.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 260KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 50KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
18-10-2011/pedido.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 716B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 318KB - Virtual size: 317KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 21KB - Virtual size: 21KB

2841dc5196f44081d95fd073bb8eb06d

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 36KB - Virtual size: 33KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 12KB - Virtual size: 10KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 149KB - Virtual size: 152KB

.rsrc Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 318KB - Virtual size: 317KB

DATA Size: 4KB - Virtual size: 4KB

BSS Size: - Virtual size: 3KB

.idata Size: 8KB - Virtual size: 8KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 21KB - Virtual size: 21KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 260KB

UPX1 Size: 107KB - Virtual size: 108KB

.rsrc Size: 15KB - Virtual size: 16KB

Headers

File Characteristics

Sections

.text Size: 261KB - Virtual size: 261KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 8KB

.bss Size: - Virtual size: 50KB

.idata Size: 4KB - Virtual size: 3KB

.tls Size: - Virtual size: 12B

.rdata Size: 512B - Virtual size: 24B

.rsrc Size: 15KB - Virtual size: 14KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 8KB - Virtual size: 12KB

.rsrc Size: 25KB - Virtual size: 28KB

Headers

File Characteristics

Sections

.text Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 716B

.rsrc Size: 28KB - Virtual size: 24KB

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 318KB - Virtual size: 317KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 36KB - Virtual size: 33KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 149KB - Virtual size: 152KB

.rsrc
Size: 4KB - Virtual size: 4KB

CODE
Size: 318KB - Virtual size: 317KB

DATA
Size: 4KB - Virtual size: 4KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 8KB - Virtual size: 8KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 21KB - Virtual size: 21KB

UPX0
Size: - Virtual size: 260KB

UPX1
Size: 107KB - Virtual size: 108KB

.rsrc
Size: 15KB - Virtual size: 16KB

.text
Size: 261KB - Virtual size: 261KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 8KB

.bss
Size: - Virtual size: 50KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 15KB - Virtual size: 14KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 25KB - Virtual size: 28KB

.text
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 716B

.rsrc
Size: 28KB - Virtual size: 24KB