Behavioral task
behavioral1
Sample
fff9fc71b8f4ca0c7d45701476d28c0d_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
fff9fc71b8f4ca0c7d45701476d28c0d_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
fff9fc71b8f4ca0c7d45701476d28c0d_JaffaCakes118
Size
124KB
MD5
fff9fc71b8f4ca0c7d45701476d28c0d
SHA1
e5809a87988e8b1ddc9640992334c98bffe9a4c8
SHA256
710378e65cb39a36aa59cd2aca45dbbbaa47e9060e30ab41df6dce2d53130968
SHA512
43d318d6e2f3af94a5a7c7e3e905289d4995057861ef19683b497127d69c0e026d883c8f8953a30e99dd0b0f5e86859bf43fd175ae45d2e03cf3364bb19c4950
SSDEEP
1536:2eehWNaG86gdFgwh5CZJwyJ9AmDvnIQYK+ID4mKpT1Gl+FpxdHIQLeRznPG:RKHYZZtDNYGUZyupxdoQLIznPG
Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fff9fc71b8f4ca0c7d45701476d28c0d_JaffaCakes118
Files
fff9fc71b8f4ca0c7d45701476d28c0d_JaffaCakes118.exe windows:4 windows x86 arch:x86
2f433ee056d910dbc6b7f5b98feb57c0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetVolumeInformationA
GetDriveTypeA
GetWindowsDirectoryA
GlobalMemoryStatus
GetComputerNameA
WaitForSingleObject
GetSystemDirectoryA
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
CreateProcessA
TerminateThread
GetExitCodeThread
GetCurrentProcessId
RemoveDirectoryA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GetVersionExA
GetTempFileNameA
GetTempPathA
SetFileAttributesA
SetLastError
DisconnectNamedPipe
WaitForMultipleObjects
CreatePipe
DuplicateHandle
GetCurrentProcess
ExitThread
PeekNamedPipe
GetModuleHandleA
GetLastError
CreateFileA
SetEndOfFile
WriteFile
lstrcpyA
ReadFile
CloseHandle
FileTimeToSystemTime
FindFirstFileA
FileTimeToLocalFileTime
CreateDirectoryA
FindNextFileA
FindClose
FreeConsole
SetCurrentDirectoryA
CopyFileA
GetModuleFileNameA
DeleteFileA
Sleep
lstrlenA
lstrcatA
CreateThread
GetNumberOfConsoleInputEvents
FlushFileBuffers
SetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetVersion
GetCurrentDirectoryA
WinExec
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetLocalTime
GetSystemTime
HeapFree
ExitProcess
HeapAlloc
SetHandleCount
HeapReAlloc
GetStdHandle
GetStartupInfoA
PeekConsoleInputA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
GetCommandLineA
FreeEnvironmentStringsW
GetFileType
FreeEnvironmentStringsA
RtlUnwind
GetEnvironmentStringsW
GetEnvironmentStrings
MultiByteToWideChar
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
WideCharToMultiByte
advapi32
RegisterEventSourceA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegSetValueExA
StartServiceCtrlDispatcherA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerA
CreateServiceA
OpenSCManagerA
ReportEventA
OpenServiceA
DeleteService
StartServiceA
ControlService
QueryServiceStatus
shell32
ShellExecuteA
SHFileOperationA
user32
EnumWindows
wsprintfA
PeekMessageA
TranslateMessage
GetKeyNameTextA
ToAscii
GetKeyboardState
CallNextHookEx
GetWindowTextA
GetActiveWindow
GetMessageA
UnhookWindowsHookEx
DispatchMessageA
SetKeyboardState
SetWindowsHookExA
ExitWindowsEx
MessageBoxA
winmm
mciSendStringA
ws2_32
WSAIoctl
Sections
UPX0 Size: 120KB - Virtual size: 120KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE