1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118
Size

269KB
MD5

1894603fcfaeaf60ee718bc906920e8b
SHA1

db6aafabaaa0e08a03df923dd1b964983578f4e3
SHA256

b28510aa26451e1270e2e90c5f543f3219ab7d636ced302a747c1bb4a020e49d
SHA512

13d5281ed37b6759ade8b1d496def8a9fc0c886f32e2227196ee3a91a0c3d6fe41dbf7d28d87749575724c18843d32966bf00bcdea4fbf3e1a5d90ed9d729937
SSDEEP

6144:k/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:k4K6LzHKcvTZQ0/0zJxQDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118

Files

1894603fcfaeaf60ee718bc906920e8b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

msasn1

ASN1BEREncCheck
ASN1_GetDecoderOption
ASN1_CloseDecoder
ASN1BERDecSXVal
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1_CloseModule
ASN1BERDecBool
ASN1BEREncRemoveZeroBits

fmifs

Extend

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utL
Size: 3KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.REHKgI
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 105KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1024B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 117KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OoYrd
Size: 3KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msasn1

fmifs

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.utL Size: 3KB - Virtual size: 279KB

.x Size: 2KB - Virtual size: 27KB

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 31KB

.REHKgI Size: 512B - Virtual size: 47KB

.edata Size: 105KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 350KB

.R Size: 1024B - Virtual size: 139KB

.edata Size: 117KB - Virtual size: 139KB

.OoYrd Size: 3KB - Virtual size: 485KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 7KB - Virtual size: 7KB

.utL
Size: 3KB - Virtual size: 279KB

.x
Size: 2KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 31KB

.REHKgI
Size: 512B - Virtual size: 47KB

.edata
Size: 105KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 350KB

.R
Size: 1024B - Virtual size: 139KB

.edata
Size: 117KB - Virtual size: 139KB

.OoYrd
Size: 3KB - Virtual size: 485KB

.rsrc
Size: 1KB - Virtual size: 1KB