16ceb913ca0467f0f2bf9f74c809b661_JaffaCakes118

General

Target

16ceb913ca0467f0f2bf9f74c809b661_JaffaCakes118
Size

113KB
MD5

16ceb913ca0467f0f2bf9f74c809b661
SHA1

f6e6048961f8fa1fdd4aed5a4c4846ca0c7b7fee
SHA256

59177f3970972261509e65c01cf1aea4fa7dc50f698ce5f380ae61183ef115dc
SHA512

2d4e1723d3edf9ad6d3d75c58cdec7a5e6ea1f37be78c6dc7debd55e0be56f384ac23b7b14ece65dacc2c46a42292734b194c40a7977298d44e48de8c39d1303
SSDEEP

3072:X7iUR44wzzujqjbQ+NjePQbrmMmHSb5k9gYuWBlR:XxUzPAwePQbGH6i9/J

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
16ceb913ca0467f0f2bf9f74c809b661_JaffaCakes118

Files

16ceb913ca0467f0f2bf9f74c809b661_JaffaCakes118
.exe windows:5 windows x86 arch:x86

13a5ec758c23c4ebec520a54a47e014a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

lsass.pdb

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
RevertToSelf

kernel32

CloseHandle
GetCurrentThread
ExitThread
SetUnhandledExceptionFilter
SetErrorMode
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
InterlockedExchange
VirtualQuery

ntdll

NtSetInformationProcess
RtlInitUnicodeString
NtCreateEvent
NtOpenEvent
NtSetEvent
NtClose
NtRaiseHardError
RtlAdjustPrivilege
NtShutdownSystem
RtlUnhandledExceptionFilter

lsasrv

LsaISetupWasRun
LsapDsDebugInitialize
LsapAuOpenSam
LsapCheckBootMode
ServiceInit
LsapInitLsa
LsapDsInitializePromoteInterface
LsapDsInitializeDsStateInfo

samsrv

SamIInitialize
SampUsingDsData

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 100KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

13a5ec758c23c4ebec520a54a47e014a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

lsasrv

samsrv

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 108B

.rsrc Size: 7KB - Virtual size: 6KB

.UPX0 Size: 100KB - Virtual size: 244KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 108B

.rsrc
Size: 7KB - Virtual size: 6KB

.UPX0
Size: 100KB - Virtual size: 244KB