fcec1731160940e825643e856a8d24c5_JaffaCakes118

General

Target

fcec1731160940e825643e856a8d24c5_JaffaCakes118
Size

59KB
MD5

fcec1731160940e825643e856a8d24c5
SHA1

b8c975a70d6c1ffe5b812daa9d4acbe99648ca6a
SHA256

c074c4e6f7ee1dae110204d6b52897489c342a12147be5019e37233149867938
SHA512

3e281903e603cafa0df9669cc0faa61369a3de675a6bc2081c730038217925e74d75b2a4f5c703bc3bf58ab10b0c0a3c02f24237b7558793472cb073caba0e96
SSDEEP

768:dlS295fEqXK2wO2qB3nSVjVH6WOmtb+gC8gntm:tEqXK2wrA3+jVaUtwxn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcec1731160940e825643e856a8d24c5_JaffaCakes118

Files

fcec1731160940e825643e856a8d24c5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

98790f026fc5c2260741f8991a89d93e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetProcAddress
LoadLibraryA
GetThreadContext
WaitForSingleObject
GetTickCount
ResumeThread
SetThreadContext
VirtualAllocEx
GetCurrentProcess
Sleep
CreateProcessA
GlobalFree
GlobalAlloc
OpenMutexA
CreateMutexA
CloseHandle
GetTimeZoneInformation
GetLocalTime
SystemTimeToFileTime
GetSystemTime
VirtualProtect
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetStdHandle
GetCPInfo
GetOEMCP
IsBadCodePtr
IsBadReadPtr
SetFilePointer
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetSystemInfo
GetStdHandle
ExitProcess
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapReAlloc
HeapAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
WriteFile

iphlpapi

GetBestInterface
GetFriendlyIfIndex
GetIpAddrTable
GetNetworkParams

user32

wsprintfA

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle

ws2_32

Sections

UPX0
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

98790f026fc5c2260741f8991a89d93e

Headers

File Characteristics

Imports

kernel32

iphlpapi

user32

wininet

ws2_32

Sections

UPX0 Size: 56KB - Virtual size: 56KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 56KB - Virtual size: 56KB

.avc
Size: 2KB - Virtual size: 4KB