2798d946cb80a9e8f65c91dbceb20823_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2798d946cb80a9e8f65c91dbceb20823_JaffaCakes118
Size

245KB
MD5

2798d946cb80a9e8f65c91dbceb20823
SHA1

0b3e2bea6020b6d57ccd91b95d99afd6a4d99455
SHA256

f98933aa9ef9f2985c4838fd6dce9270f72b0521cd47ddfa67709b212013dc8a
SHA512

f1393541cdcdd46284cdc7682771594033d5e2d2ada7fd53e4a47cb2af735b2d9eb3c4fd1d7cb6bf6586c819b0abc2b3ad7203e87ef9a53e067cdbb688a4250f
SSDEEP

6144:9TnjNh5zcO/U2yRDsr+koILdS9IuZJELJskLFAt37RBERr:R5zT81NwZSIuYNLFG9Bgr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2798d946cb80a9e8f65c91dbceb20823_JaffaCakes118

Files

2798d946cb80a9e8f65c91dbceb20823_JaffaCakes118
.exe windows:6 windows x86 arch:x86

8ce188e416670c450b6620c925728d8e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

extexport.pdb

Imports

kernel32

GetModuleFileNameW
GetVersionExA
OpenEventW
WaitForSingleObject
GetModuleHandleW
CreateDirectoryW
MoveFileW
LocalFree
LocalAlloc
DeleteFileW
EnumUILanguagesW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
FreeLibrary
ExpandEnvironmentStringsW
CreateFileW
CloseHandle
lstrcmpW
WriteFile
LoadLibraryExW
lstrlenW
LoadLibraryW
GetProcAddress
UnhandledExceptionFilter

msvcrt

_exit
_cexit
__getmainargs
_XcptFilter
free
exit
_initterm
_amsg_exit
wcschr
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_vsnwprintf
memset
?terminate@@YAXXZ
_controlfp

shlwapi

PathFileExistsW
StrStrW
PathFindFileNameW
ord158
StrCmpNW
ord215

advapi32

RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

LoadStringW
GetSystemMetrics

shell32

SHSetLocalizedName
SHGetFolderPathAndSubDirW

iertutil

ord675
ord672

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8ce188e416670c450b6620c925728d8e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shlwapi

advapi32

user32

shell32

iertutil

Sections

.text Size: 124KB - Virtual size: 124KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 124KB - Virtual size: 124KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB

.UPX0
Size: 104KB - Virtual size: 252KB