23be31531ff007a3840e9777e64636fb_JaffaCakes118

General

Target

23be31531ff007a3840e9777e64636fb_JaffaCakes118
Size

619KB
MD5

23be31531ff007a3840e9777e64636fb
SHA1

25f2e61e9c2b077c3e8d8b3a9d6f66228c7ef4b4
SHA256

394b6f0b22219f83643c45536de91b5239e06f13bbe4a6c10a429aaec3eb1cae
SHA512

379ac8f7a850e2edc48bbe843ef390eef36705371232dab30bf71496247ee15dd23331f0ca3451eca88ceeb7c59fcbb5e717b7c39232ad47fe8059cc436af21b
SSDEEP

384:xrZOy/3bmRRV7ASRgYAX2UJY6HnyUeob:xEy/4RnAGUm6pe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23be31531ff007a3840e9777e64636fb_JaffaCakes118

Files

23be31531ff007a3840e9777e64636fb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

255d33812769939145beff9b7d9386f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateThread
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetShortPathNameA
GetModuleFileNameA
GetEnvironmentVariableA
GetStartupInfoA
GetModuleHandleA
CopyFileA
SetFileAttributesA
GetLastError
lstrlenA
GetVersionExA
GlobalMemoryStatus
CreateThread
GetSystemDirectoryA
GetTickCount
ExitThread
Sleep
GetCurrentProcessId
HeapAlloc
GetProcessHeap
CloseHandle
GetTempPathA

advapi32

CreateServiceA
OpenServiceA
OpenSCManagerA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
RegSetValueExA
RegOpenKeyA
DeleteService
StartServiceA

comdlg32

GetFileTitleA

mfc42

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__CxxFrameHandler
printf
rand
srand
_acmdln
_XcptFilter
_exit
_except_handler3
strncmp
atoi
strstr
strchr
strtok
exit
time

urlmon

URLDownloadToFileA

user32

wsprintfA

ws2_32

WSASocketA

Sections

UPX0
Size: 616KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

255d33812769939145beff9b7d9386f8

Headers

File Characteristics

Imports

kernel32

advapi32

comdlg32

mfc42

msvcrt

urlmon

user32

ws2_32

Sections

UPX0 Size: 616KB - Virtual size: 616KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 616KB - Virtual size: 616KB

.avp
Size: 2KB - Virtual size: 4KB