165c7e1bdf7d29c97195cd916604007d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

165c7e1bdf7d29c97195cd916604007d_JaffaCakes118
Size

170KB
MD5

165c7e1bdf7d29c97195cd916604007d
SHA1

d1960d83e78ad313c3fad96f971e02a793920900
SHA256

3877bee6bcb7b4615e5022236d57c1fda721afdcd7e8390b8bb07346a0ca658a
SHA512

e6924913c3a303e231e27953b7c1ce3a81459f47050f011992440f22db2b5a4259cbba48844d96b50e9ea5099114302abd0a1ee9081a2b918969060611e7813d
SSDEEP

3072:g1ZCwzK8FW90cfN+2AY/y9gsxPv/WJA9q6NN1TEefe9:FwtFO0cfl/ONz9q6Fe9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
165c7e1bdf7d29c97195cd916604007d_JaffaCakes118

Files

165c7e1bdf7d29c97195cd916604007d_JaffaCakes118
.exe windows:0 windows x86 arch:x86

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
strlen
wcscmp
strncpy
fabs
cos
acos
free
malloc
sin
memcpy
_purecall
strcmp
memcmp
pow
log10
memset

user32

MessageBoxA

kernel32

SetEndOfFile
GetFileSize
SetFilePointer
GetTickCount
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
RtlUnwind
Sleep
GetLastError
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
TryEnterCriticalSection
DeleteCriticalSection
InterlockedExchange
CreateFileA
CloseHandle
IsProcessorFeaturePresent
ReadFile
GetOverlappedResult
QueryPerformanceFrequency
HeapAlloc
OutputDebugStringA
InterlockedCompareExchange
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapFree
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
VirtualAlloc

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegOpenKeyExA
RegSetValueExA

rpcrt4

RpcStringFreeA
UuidToStringA

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

cmutil

CmLoadIconW

gdi32

CreateSolidBrush

winmm

joyReleaseCapture
waveOutGetPlaybackRate
mmDrvInstall
waveOutSetPlaybackRate
midiInClose
mmioSetBuffer
mixerGetLineInfoA
waveOutWrite
mci32Message
mixerGetLineControlsW
mciLoadCommandResource
waveInStart
mixerGetNumDevs
midiInGetErrorTextW
PlaySound
midiOutGetErrorTextA
mixerGetControlDetailsA

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

UPX0
Size: 512B - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 2KB - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1483a80767b473ba64ccd20d00de8827

Headers

File Characteristics

Imports

msvcrt

user32

kernel32

advapi32

rpcrt4

ole32

cmutil

gdi32

winmm

Sections

.text Size: 15KB - Virtual size: 14KB

UPX0 Size: 512B - Virtual size: 12KB

.rdata Size: 3KB - Virtual size: 2KB

UPX1 Size: 2KB - Virtual size: 30KB

UPX2 Size: 1024B - Virtual size: 17KB

.rdata Size: 139KB - Virtual size: 248KB

UPX3 Size: 3KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 728B

.reloc Size: 3KB - Virtual size: 4KB

.text
Size: 15KB - Virtual size: 14KB

UPX0
Size: 512B - Virtual size: 12KB

.rdata
Size: 3KB - Virtual size: 2KB

UPX1
Size: 2KB - Virtual size: 30KB

UPX2
Size: 1024B - Virtual size: 17KB

.rdata
Size: 139KB - Virtual size: 248KB

UPX3
Size: 3KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 728B

.reloc
Size: 3KB - Virtual size: 4KB