235523b6a0ef0f13e7d90cd489ec4d49_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

235523b6a0ef0f13e7d90cd489ec4d49_JaffaCakes118
Size

202KB
MD5

235523b6a0ef0f13e7d90cd489ec4d49
SHA1

fa6f99f68248fffa7318cce3a138d27cd969f1dc
SHA256

b011e77d2549a00b65f9da87b63ac4ebb9405b8966a589c938dfd753963fe133
SHA512

1c9004f91be8f48e9c0fdeffbc09f06f5d8e757cc306e6394732df3660cebe64a79d5e3afa0ccaff6b31a1b676989c8a11b1fd3fa45c463ea2c885c501abc5c6
SSDEEP

3072:kU1SL0fEw90lpC9e6P9VEX7MLUGqvyfFrABjIiSz7mbMfDNyFHr5wdA30fteQ8+O:yL0wvCwQcLSmvyqRSzSb2NDdftePGg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
235523b6a0ef0f13e7d90cd489ec4d49_JaffaCakes118

Files

235523b6a0ef0f13e7d90cd489ec4d49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetVersionExA
LoadLibraryA
LoadLibraryExA
OpenProcess
WriteProcessMemory
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 400KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 105KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 400KB

UPX1 Size: 105KB - Virtual size: 108KB

.rsrc Size: 8KB - Virtual size: 12KB

pebundle Size: 33KB - Virtual size: 36KB

pebundle Size: 8KB - Virtual size: 8KB

.pe Size: - Virtual size: 4KB

.data Size: - Virtual size: 8B

.rsrc Size: 13KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 8B

pebundle Size: 8KB - Virtual size: 8KB

UPX0
Size: - Virtual size: 400KB

UPX1
Size: 105KB - Virtual size: 108KB

.rsrc
Size: 8KB - Virtual size: 12KB

pebundle
Size: 33KB - Virtual size: 36KB

pebundle
Size: 8KB - Virtual size: 8KB

.pe
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 8B

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 8B

pebundle
Size: 8KB - Virtual size: 8KB