25aac1b79cdd2b0f86316a43965b46c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25aac1b79cdd2b0f86316a43965b46c9_JaffaCakes118
Size

269KB
MD5

25aac1b79cdd2b0f86316a43965b46c9
SHA1

a51d0f59bb98dce47d34dd63b309c83789e6a8e8
SHA256

721a9a7c478144b16e361a31413c42be1c6f758c77faf2b59f37c05a480be21c
SHA512

8db17f5e0a8dd2b843f3c272b634c26ca1829583504b21fccd97b4cd83877127d2a38b98bcd05f59afcf4857d4f57f92e9e2d03641fc06e108cafcb728d24068
SSDEEP

6144:s/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:s4K6LzHKcvTZQ0/0zJxQDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25aac1b79cdd2b0f86316a43965b46c9_JaffaCakes118

Files

25aac1b79cdd2b0f86316a43965b46c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

msasn1

ASN1BEREncCheck
ASN1_GetDecoderOption
ASN1_CloseDecoder
ASN1BERDecSXVal
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1_CloseModule
ASN1BERDecBool
ASN1BEREncRemoveZeroBits

fmifs

Extend

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utL
Size: 3KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.REHKgI
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 105KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1024B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 117KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OoYrd
Size: 3KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msasn1

fmifs

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.utL Size: 3KB - Virtual size: 279KB

.x Size: 2KB - Virtual size: 27KB

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 31KB

.REHKgI Size: 512B - Virtual size: 47KB

.edata Size: 105KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 350KB

.R Size: 1024B - Virtual size: 139KB

.edata Size: 117KB - Virtual size: 139KB

.OoYrd Size: 3KB - Virtual size: 485KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 7KB - Virtual size: 7KB

.utL
Size: 3KB - Virtual size: 279KB

.x
Size: 2KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 31KB

.REHKgI
Size: 512B - Virtual size: 47KB

.edata
Size: 105KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 350KB

.R
Size: 1024B - Virtual size: 139KB

.edata
Size: 117KB - Virtual size: 139KB

.OoYrd
Size: 3KB - Virtual size: 485KB

.rsrc
Size: 1KB - Virtual size: 1KB