06815da1f830d6e7524e49d088dd8f9f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06815da1f830d6e7524e49d088dd8f9f_JaffaCakes118
Size

269KB
MD5

06815da1f830d6e7524e49d088dd8f9f
SHA1

89376ca2ff560b791c61cfd1c2459399479f184b
SHA256

a688747ccfe254c3b798de7d7bab5adb1c78dbbaa7e337a3b47be5d0a6901bdf
SHA512

1a9b579a8d92097eb0ff93b1298398dc3bd31313484de02f831f1938beb0fdbf5a326bdeb610a4ca9707774b0d0ee5eb1d391b6a15eeeca5669833a6b07293c3
SSDEEP

6144:n/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:n4K6LzHKcvTZQ0/0zJxQDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06815da1f830d6e7524e49d088dd8f9f_JaffaCakes118

Files

06815da1f830d6e7524e49d088dd8f9f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

msasn1

ASN1BEREncCheck
ASN1_GetDecoderOption
ASN1_CloseDecoder
ASN1BERDecSXVal
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1_CloseModule
ASN1BERDecBool
ASN1BEREncRemoveZeroBits

fmifs

Extend

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utL
Size: 3KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.REHKgI
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 105KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1024B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 117KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OoYrd
Size: 3KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msasn1

fmifs

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.utL Size: 3KB - Virtual size: 279KB

.x Size: 2KB - Virtual size: 27KB

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 31KB

.REHKgI Size: 512B - Virtual size: 47KB

.edata Size: 105KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 350KB

.R Size: 1024B - Virtual size: 139KB

.edata Size: 117KB - Virtual size: 139KB

.OoYrd Size: 3KB - Virtual size: 485KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 7KB - Virtual size: 7KB

.utL
Size: 3KB - Virtual size: 279KB

.x
Size: 2KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 31KB

.REHKgI
Size: 512B - Virtual size: 47KB

.edata
Size: 105KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 350KB

.R
Size: 1024B - Virtual size: 139KB

.edata
Size: 117KB - Virtual size: 139KB

.OoYrd
Size: 3KB - Virtual size: 485KB

.rsrc
Size: 1KB - Virtual size: 1KB