984dfb96e5dd14800ad638d986e898cd_JaffaCakes118

General

Target

984dfb96e5dd14800ad638d986e898cd_JaffaCakes118
Size

24KB
MD5

984dfb96e5dd14800ad638d986e898cd
SHA1

b460d3209d9261fceb7d85eacffebc6810289aa9
SHA256

694c43b46a6395a6a9a759e08ec972ff0b9c0d21aea0713225ad33b2b898b743
SHA512

519ae964f38d8ff7f712c5631becd2c3528257cde5d29c57e39ecdb7cd51977f97bdce9dd09d81107205cce94f444dbb2c365e5e43c47a8b1aa9dab7c825d454
SSDEEP

768:UfFvrYHFtDKm38hTVMsV6naPIvIWaTUUeB:otkHfDK5ppzj4UeB

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/srv32.exe	aspack_v212_v242

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/srv32.exe
unpack001/srv32.unshell.exe

Files

984dfb96e5dd14800ad638d986e898cd_JaffaCakes118
.rar
srv32.exe
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
srv32.unshell.exe
.exe windows:1 windows x86 arch:x86

53c9cc3824aa6b56975ab65e0fda295b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetWindowsDirectoryA
LocalFree
GetModuleFileNameA
ReadFile
GetCommandLineA
CreateMutexA
LocalAlloc
CreateFileA
SetFilePointer
SetEndOfFile
GetCurrentProcessId
CopyFileA
GetModuleHandleA
GetProcAddress
ExitProcess
SetFileAttributesA
GetCurrentProcess
CreateProcessA
WaitForSingleObject
Sleep
GetLastError
CreateThread
GetFileSize
SetPriorityClass
SetCurrentDirectoryA
WriteFile
DeleteFileA
CloseHandle
lstrcat
lstrcmpi
lstrcpy
lstrlen
GetVersion

user32

wsprintfA
CharUpperA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

ws2_32

sendto
send
recvfrom
recv
inet_ntoa
connect
closesocket
bind
WSAStartup
WSAIoctl
WSAEventSelect
WSAEnumNetworkEvents
socket
WSACreateEvent
WSACloseEvent
WSACleanup

wininet

InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoA

Sections

CODE
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

CODE Size: 7KB - Virtual size: 20KB

DATA Size: 3KB - Virtual size: 8KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

.aspack Size: 4KB - Virtual size: 8KB

.adata Size: - Virtual size: 4KB

53c9cc3824aa6b56975ab65e0fda295b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

wininet

Sections

CODE Size: 16KB - Virtual size: 20KB

DATA Size: 6KB - Virtual size: 8KB

.idata Size: 2KB - Virtual size: 4KB

.reloc Size: - Virtual size: 4KB

CODE
Size: 7KB - Virtual size: 20KB

DATA
Size: 3KB - Virtual size: 8KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB

.aspack
Size: 4KB - Virtual size: 8KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 16KB - Virtual size: 20KB

DATA
Size: 6KB - Virtual size: 8KB

.idata
Size: 2KB - Virtual size: 4KB

.reloc
Size: - Virtual size: 4KB