0331fc0d7bf00188e0f0dffc3a80e4b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0331fc0d7bf00188e0f0dffc3a80e4b7_JaffaCakes118
Size

156KB
MD5

0331fc0d7bf00188e0f0dffc3a80e4b7
SHA1

2b1922c9c204054a7895acbb72508467e0c330ff
SHA256

12382c46a89eaae9a37862a9f71a93b41c366c88d408f1347dc0f89b3e30bd27
SHA512

7029269602ca184af370a8e530d73103e8634b679afd8aff938e8d50c2fc4c170b0801acd14763ba7c64ca280f0e3cb7291d65c9283eb9503bb29343809e8076
SSDEEP

3072:XKsBy7nNWdpHcUGzxj0ahcDv3d8XqnmJ9K78sSX0Ejjue5RpzEy/:jBy7YnH0j0gcDF8XqnmWZQ0Ejj7HzEy/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0331fc0d7bf00188e0f0dffc3a80e4b7_JaffaCakes118

Files

0331fc0d7bf00188e0f0dffc3a80e4b7_JaffaCakes118
.exe windows:6 windows x86 arch:x86

6fdb9659bd425a7c978c82b51b4ac67b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

tracert.pdb

Imports

kernel32

FormatMessageA
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
SetThreadUILanguage
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
HeapSetInformation
GetLastError
GetCurrentProcessId
Sleep

msvcrt

_initterm
__set_app_type
_exit
_cexit
__getmainargs
memset
_amsg_exit
strtoul
exit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
__setusermatherr
__p__commode
memcpy
__p__fmode
_XcptFilter
_write
_setmode

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho2

iphlpapi

Icmp6CreateFile
Icmp6SendEcho2

user32

CharToOemBuffA

ws2_32

WSAGetLastError
socket
inet_addr
closesocket
WSACleanup
freeaddrinfo
getaddrinfo
getnameinfo
WSAIoctl
WSAStartup

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6fdb9659bd425a7c978c82b51b4ac67b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

icmp

iphlpapi

user32

ws2_32

Sections

.text Size: 7KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 556B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 7KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 556B

UPX0
Size: 144KB - Virtual size: 380KB