16c51fc0e5a50fde0edfd7a51fb4b3c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

16c51fc0e5a50fde0edfd7a51fb4b3c6_JaffaCakes118
Size

434KB
MD5

16c51fc0e5a50fde0edfd7a51fb4b3c6
SHA1

632dc935d8d777c56f7887f9e3bb2449d445ca52
SHA256

1a91ba83b9ce5e735162194b5a9ea96f6d0ab3b21d738fe8a034d48f9138f09b
SHA512

ba564c151b70ddfa27d1d70845c768362002aafa4fe5d3d32d20d58954e77b2ecd237753fb9a593646d78dbd078f5b0c9ed46646215d2074543a44ae30716a17
SSDEEP

6144:tL2f9tEXk18VgRFS4OhTANNZVMuODZCZEJ8ZDHIYF/M/WRJf:tL2f9tPqqeXVRDZCayZDHIWok

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16c51fc0e5a50fde0edfd7a51fb4b3c6_JaffaCakes118

Files

16c51fc0e5a50fde0edfd7a51fb4b3c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
DeleteFileA
ExitProcess
FreeLibrary
GetCommandLineA
GetFileTime
GetModuleHandleA
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryA
lstrcatA
lstrcmpiA
RemoveDirectoryA
SetFileTime
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 860KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 223KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c8decf3582072f6edfc385a689f44f4

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 860KB

UPX1 Size: 223KB - Virtual size: 224KB

.rsrc Size: 11KB - Virtual size: 12KB

pebundle Size: 6KB - Virtual size: 8KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 15KB - Virtual size: 16KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 17KB - Virtual size: 20KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 4KB - Virtual size: 8KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 22KB - Virtual size: 24KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 1KB - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 11KB - Virtual size: 12KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 7KB - Virtual size: 8KB

pebundle Size: 8KB - Virtual size: 8KB

pebundle Size: 1024B - Virtual size: 4KB

pebundle Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 860KB

UPX1
Size: 223KB - Virtual size: 224KB

.rsrc
Size: 11KB - Virtual size: 12KB

pebundle
Size: 6KB - Virtual size: 8KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 15KB - Virtual size: 16KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 17KB - Virtual size: 20KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 4KB - Virtual size: 8KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 22KB - Virtual size: 24KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 1KB - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 11KB - Virtual size: 12KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 7KB - Virtual size: 8KB

pebundle
Size: 8KB - Virtual size: 8KB

pebundle
Size: 1024B - Virtual size: 4KB

pebundle
Size: 8KB - Virtual size: 8KB