1550760d57cdb3987544713b5e2d04d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1550760d57cdb3987544713b5e2d04d5_JaffaCakes118
Size

269KB
MD5

1550760d57cdb3987544713b5e2d04d5
SHA1

898a2e20f4eeafe54fd4726c1d52ee2ad0c6a0e2
SHA256

6bfe994ce4f38a1fe58adf7f2490d8fbdea44cdcd7de29d07401ab2cee79452a
SHA512

a14d85a4aa3bc8a1a9d9bf251ce9c1ddf76a38fb221c6449a268ee75869c13640d7ee04436a038562fb740ed4bb8db60827d40067c492dde260e86e02c26cbb7
SSDEEP

6144:0/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:04K6LzHKcvTZQ0/0zJxQDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1550760d57cdb3987544713b5e2d04d5_JaffaCakes118

Files

1550760d57cdb3987544713b5e2d04d5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

msasn1

ASN1BEREncCheck
ASN1_GetDecoderOption
ASN1_CloseDecoder
ASN1BERDecSXVal
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1_CloseModule
ASN1BERDecBool
ASN1BEREncRemoveZeroBits

fmifs

Extend

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utL
Size: 3KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.REHKgI
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 105KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1024B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 117KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OoYrd
Size: 3KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msasn1

fmifs

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.utL Size: 3KB - Virtual size: 279KB

.x Size: 2KB - Virtual size: 27KB

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 31KB

.REHKgI Size: 512B - Virtual size: 47KB

.edata Size: 105KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 350KB

.R Size: 1024B - Virtual size: 139KB

.edata Size: 117KB - Virtual size: 139KB

.OoYrd Size: 3KB - Virtual size: 485KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 7KB - Virtual size: 7KB

.utL
Size: 3KB - Virtual size: 279KB

.x
Size: 2KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 31KB

.REHKgI
Size: 512B - Virtual size: 47KB

.edata
Size: 105KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 350KB

.R
Size: 1024B - Virtual size: 139KB

.edata
Size: 117KB - Virtual size: 139KB

.OoYrd
Size: 3KB - Virtual size: 485KB

.rsrc
Size: 1KB - Virtual size: 1KB