20eb694a4e695c32e413bf20a94d54f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20eb694a4e695c32e413bf20a94d54f6_JaffaCakes118
Size

580KB
MD5

20eb694a4e695c32e413bf20a94d54f6
SHA1

46de80d931f91b5cd5f5a3df80e02165bf83c2ae
SHA256

7745d4f30b7f3298468ccc7d6cd1f99a43c7e5158afa2ae8549d2749c64e65ed
SHA512

6eddbdc2f396d50c412ea7d5a684a20a3b6248bb452321ef404a944ed711b32f71c7ca2e47cfc3010569eda8550204b4538c3f4012f1cbc9d50323b2c10d8d2b
SSDEEP

12288:pRI7sTyMVC5dNNkkFNpRgKBdKhAenacyzRFIvjhGmRCG:/kss7NFBzBdKCeacmI0mEG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20eb694a4e695c32e413bf20a94d54f6_JaffaCakes118

Files

20eb694a4e695c32e413bf20a94d54f6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9dfe092d1bcf7dba87b58848962be5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SafeArrayPtrOfIndex

advapi32

RegCloseKey

user32

CharToOemA
MessageBoxA

kernel32

VirtualQuery
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

Exports

Exports

y�K�d��M%��B&]^�~��R��gڀkP�f.�B�-<�~��2\��/I�Qd��e[rY_�ܼ��b�i�s��b�0��I�c:(y��f��I��[R�>'�h�Hg�i.b*��xa��;e�9�]�"�l��y��Eŀ3��7��*�x�a=Jaɸx�Z]��s��(��V:�� ]��|�y��G��p�RSLN ḡ��@ϊQad��1?� 󦣫�m�S/J��,m�,z�ĉ��lA��K��t�T~�鿑�zx[��+��,�ً77m ��p-��J&�=�N�} ��arG﷘S�<�P�-V;��NG;�@�s�� Z��e:�>�צ�E ��Z=FJ�'�hs�ܵ4٢�Cc� ��e(��1��c鋖�N�Q��X`y �qj}��F�#��uy�TL��~�w��{)�~��E~��%T@�!S�$|�J�X.B�&�ml?�*��(��r��y�81}{�2<=��2�_�q�]�� %|�+IӑU߿ *m�d�pe�[F��;��{1��a��˴u�w5j{B�܃i9眱�,*"ʙOA�a|� {!�9��O;��u��>{��_��Ue�F��s�5��;h�t��v��i�_w�V4��_N#>��E��Y�>��oL�d(j�=�A��2�o/De�<F*��X��o��R� �G��Fg�g��tZ�9��<��h ��6�=3�Z��s&��0S<<�򕙖��oo��x��V�X� ̒��a�Ͻ�?�s��K_p� X-Љ��Ԣ� |�MHm}o*�e��!h��Tm��O��Q&��s��0��e��G��)�O�i:}��i�#�$��gBu�,��Э��}__p^��]!�Y��?b�4�d��|Ta �[{tq�-�+��%k�Q�/9��a{A��?M��bt�}��%1*��>�ɘ��2��;|ӳ��kO�.��s�.�9߿��J7[��1��(�jq$�^��E��H�:��v�H�� ;�� x&\�u�?��r�;�[�1��֟��,��!��g�Au#[��G�C��XC;��c'st^�s�C~��b��[xuLk.�5g ��eu�� g��O�n�mBH��?�M��W��]�{��<#��/J��x:켆��cG�@@ނ��!e�Q &&��~1z5[��Ev �~<J\@�%��v�l�cBp�ޮ�6}�¬mm�u*i�<�-��#�? ��Ak�|)q��K�^�R��U�L��,�1�}�3W�%S7�ۙ�r��x`Q��Ѳ�� !w� �|�0*��*<1l1w��WM�� v�)�X��Dw�N^?��x�?X��\8��])k��g�8��C��i�q��p:��1��E��'�u��aL6]��q��۰\�2�|mU@�zM��O��e��j��X@- ��_�[�z��I�޸Ssx�u��.?�ÃtThW��Ke��S��Q��{o;Y��C_9�-)��GzR��&!l�i]�Ҋ��5I�Ҿ^wq�ac��Ǌ��,]��!t��i{��ͭ��'S�vW&o'w=� �ؿ=��=�vO��Bw�0��J>�Nl��_%�U��xd��n�*��<}�TF��B'hl�ƣ&xw+Ҹ��рh��>� K�1��wo��b�t=��1kR��K�%��8��=��N\c�ْ��W��gA�s �W�r��"~��Iv��t��v��/[��G�# �f�R��$��]�^Jcwϵʐ^�F�m��ݢ�n�w:��Bu�S�� u{�K ۱��&\�/؂q�I0г�g��c�di^c1��ڪ�6򃇰�(��+�AF� �� +��I�[< ��]�xۂ� >�|��= ��<gW�eo�c��*و��o !2؊�0pJi%g[*#P�^�'�^uY��o��ʳ~��${�yudzH��$w��qi�]IIb��<Lc4/��y�:M��3z��7��xC��p�^�rAn�.\�C&�A/3��՛�,��*^m]�aNp#)|��}]�ROv��DEqq;��k kSԩR�-��3�n��Ɖ�Z ��,��Rn��#"�V$S��u�ז�h�}=q"�E͟�mD@�%T��l��Q��^<��3u�;n&��̨��HQh�WGiE��͆��L�r��}��إ��4�"-U0w�Z�I $��GF�)�� >�F�n��J!��>��"h�bB&�ԃ��KТ>% Ӏ�8��CR��V��_�QO��~�^7�,W�!��&��(Otv4�M*�G��y��p��Iu�4��!��<�U�N��y�soK��:J4) ��'p��C��p��ʰ��a�Eo�ݵX9f�}]C|%Ϭ��'�G��`օ��ZB�p5Ly�+�~%#jN��r�LX^��(�i�� .�N��[W��Eh�^p��^�^� r��7�NR��U��K�p��fik��;U9��aG�+J@ʂ�_��9�CO�A�F�;NprͿ^�ƚ�@�qK��Zf�K�aP�ah��,��2�}5��K��MB��s��,;�_��Ytn�s';yx�yMY!:��l�_9"�d2A,G��K� �!�Yp��'٧OD��p6T�B��v�C8p�uh:�O��c�d��'�i߫~�s��f�VS �Wj~��9�A�(B<k�̣�Ir�Mt'2j^��މ�.2��[l��-�m��TEy��;��DZ�_!��l��q�x��qG�l�K ��Q �*��k�2-��z�=|M�U��|e i�x^�O�U7�@ݽz��Md$

Sections

.text
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 13KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 274KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 577KB - Virtual size: 577KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9dfe092d1bcf7dba87b58848962be5c

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: - Virtual size: 65KB

.itext Size: - Virtual size: 1KB

.data Size: - Virtual size: 3KB

.bss Size: - Virtual size: 13KB

.idata Size: - Virtual size: 2KB

.tls Size: - Virtual size: 12B

.rdata Size: - Virtual size: 24B

.UPX0 Size: - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 274KB

.UPX1 Size: - Virtual size: 185KB

.UPX2 Size: 577KB - Virtual size: 577KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: - Virtual size: 65KB

.itext
Size: - Virtual size: 1KB

.data
Size: - Virtual size: 3KB

.bss
Size: - Virtual size: 13KB

.idata
Size: - Virtual size: 2KB

.tls
Size: - Virtual size: 12B

.rdata
Size: - Virtual size: 24B

.UPX0
Size: - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 274KB

.UPX1
Size: - Virtual size: 185KB

.UPX2
Size: 577KB - Virtual size: 577KB

.reloc
Size: 512B - Virtual size: 252B