297cc69fbb0f0d47f29b04dfaa12abc9_JaffaCakes118

General

Target

297cc69fbb0f0d47f29b04dfaa12abc9_JaffaCakes118
Size

294KB
MD5

297cc69fbb0f0d47f29b04dfaa12abc9
SHA1

74a9e0b22dd78ed51c753e1a18042a6d24e22653
SHA256

b91ef368e04a21aeb409fc1c8802c35bcb0bff726669b5f6dec3558c46e52b38
SHA512

b06ff586899a41f5ab05aeea4b5757808b6eca4bac1cff06f984f1fd05aedef6d092f20b3c65466145529934ab59c9a7af7a78f7c1ac44fb1d50abbea5f3de96
SSDEEP

1536:Nw5z1tmHZqKZK4XycJ+qsX2cwF1TltK1SU:Nw5z1tm5qKZK4XyO+qCUvs1SU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
297cc69fbb0f0d47f29b04dfaa12abc9_JaffaCakes118

Files

297cc69fbb0f0d47f29b04dfaa12abc9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1c9b29ed5274897cc7694c769715cc98

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempFileNameA
SetErrorMode
GetStartupInfoA
GetModuleHandleA
LocalFree
GetConsoleWindow
CreateMutexA
GetLastError
CreateThread
GetTickCount
lstrcmpA
lstrlenA
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
SetConsoleTextAttribute
GetStdHandle
AllocConsole
FreeConsole
GetVolumeInformationA
GetModuleFileNameA
GetTempPathA
CreateProcessA
Sleep
Process32Next
DeleteFileA
TerminateProcess
CloseHandle
OpenProcess
Process32First
CreateToolhelp32Snapshot
ExitProcess
GetCurrentProcessId
lstrcpynA

msvcrt

??1type_info@@UAE@XZ
_controlfp
_strdup
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
sprintf
fclose
fgets
fopen
_strcmpi
malloc
fwrite
fputs
setvbuf
_iob
_fdopen
_open_osfhandle
strlen
strcat
rand
strcpy
strstr
strrchr
strcmp
ftell
fseek
memset
strtok
printf
srand
__argv
__argc
_CxxThrowException
??3@YAXPAX@Z
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm

oleaut32

psapi

EnumProcessModules
GetModuleFileNameExA

user32

wsprintfA
ShowWindow
IsCharAlphaNumericA

ws2_32

Sections

UPX0
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1c9b29ed5274897cc7694c769715cc98

Headers

File Characteristics

Imports

kernel32

msvcrt

oleaut32

psapi

user32

ws2_32

Sections

UPX0 Size: 248KB - Virtual size: 248KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 248KB - Virtual size: 248KB

.avp
Size: 2KB - Virtual size: 4KB