2573922a870921b70bcf9ef31071d80d_JaffaCakes118

General

Target

2573922a870921b70bcf9ef31071d80d_JaffaCakes118
Size

88KB
MD5

2573922a870921b70bcf9ef31071d80d
SHA1

fb72d0b255053be82183513bdcc48287ff7e10d8
SHA256

ddf6b26a72989f9c3a23a0fe9fbe9f410622932ba3697bbfcbd7e37b7b4fbbc3
SHA512

c4e718739800c13cf9aafe3ccfa0fcd578a7205009997ce5fe79255bac229eca693eb124c643b958e198c04e97de6b6a6bbe5a7cd74e4881bc4cfcb9380e6e09
SSDEEP

1536:ylqwVs3AAuoqPaab7UPqx1s07LyMFsnnMe:8VW/DaHZ1V7LXFsnMe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2573922a870921b70bcf9ef31071d80d_JaffaCakes118

Files

2573922a870921b70bcf9ef31071d80d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

378a988d1def8210f59409e94f35f8ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenA
lstrcmpiA
WritePrivateProfileStringA
WriteFile
Sleep
SizeofResource
SetLocalTime
SetFilePointer
SetFileAttributesA
SetEndOfFile
RemoveDirectoryA
ReadFile
MoveFileExA
MoveFileA
LockResource
LoadResource
LoadLibraryA
GetVersionExA
GetShortPathNameA
GetProcAddress
GetModuleFileNameA
GetLocalTime
GetFileSize
GetCurrentProcessId
GetCurrentProcess
FreeResource
FreeLibrary
FindResourceA
DeleteFileA
CreateFileA
CopyFileA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
GetStartupInfoA
GetModuleFileNameA
GetLastError
GetCommandLineA
FreeLibrary
CreateDirectoryA
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

gdi32

GetBkMode
GetBkColor
Chord
AngleArc

shlwapi

PathFileExistsA

user32

PostThreadMessageA
PostMessageA
IsWindow
GetWindowThreadProcessId
GetWindow
GetMessageA
GetForegroundWindow
GetClassNameA
FindWindowA
DispatchMessageA
CreateWindowExA
CheckRadioButton
CheckMenuRadioItem
CheckMenuItem
CheckDlgButton
GetKeyboardType
MessageBoxA
CharNextA

Sections

UPX0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

378a988d1def8210f59409e94f35f8ba

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

shlwapi

user32

Sections

UPX0 Size: 84KB - Virtual size: 84KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB