22a502e3f4aa475c45457c7867b45080_JaffaCakes118

General

Target

22a502e3f4aa475c45457c7867b45080_JaffaCakes118
Size

280KB
MD5

22a502e3f4aa475c45457c7867b45080
SHA1

b254495b761f4f8ac70598629813891b10b8d632
SHA256

5e173d18fc6f36f92bb258065e50a8bbb504731d94ce43259cc8ec631daeda52
SHA512

19c91ca3cb65123ece3972a7688c952af6016257ccec966be96f035916eee0abb9e450f55f8900cc9f604401562b97fbc8ade21b75f871960aaac489d46ad341
SSDEEP

6144:fKWcLKLmc1ONhcj1xRarDHW+ElU4HinhMBLwiw0YrEe4UFJi:ftLmc1rj1xRarDHx4Cno9YAe3Ji

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22a502e3f4aa475c45457c7867b45080_JaffaCakes118

Files

22a502e3f4aa475c45457c7867b45080_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ac4456e3f8aa984e679a0df0bf310d3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteFileA
GetLastError
GetVersionExA
CreateFileA
FormatMessageA
GetProcAddress
LoadLibraryA
FreeLibrary
lstrcmpiA
GetUserDefaultLangID
MapViewOfFile
CreateFileMappingA
GetWindowsDirectoryA
GetSystemDirectoryA
GetComputerNameA
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
GetPriorityClass
CopyFileA
GetFileSize
UnmapViewOfFile
GetSystemInfo
GetSystemDefaultLangID
GetCommandLineA
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
WideCharToMultiByte
RtlUnwind
CloseHandle
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
WriteFile
ReadFile
FlushFileBuffers
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetEndOfFile
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ac4456e3f8aa984e679a0df0bf310d3

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 52KB - Virtual size: 56KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 52KB - Virtual size: 56KB

UPX0
Size: 144KB - Virtual size: 380KB