28fd072d44bcd3aab309243e9889b21a_JaffaCakes118

General

Target

28fd072d44bcd3aab309243e9889b21a_JaffaCakes118
Size

57KB
MD5

28fd072d44bcd3aab309243e9889b21a
SHA1

ec151bc62f2c2d1545cc0f87593f4cdac4ef30ef
SHA256

b085d26f577e77217d5e2ada72af4db7e64f069f8ba0f2318345f714e865b8f5
SHA512

7e2ad75eb56174faa5bff2ba26f682618d4a57f2031628f4983fa168cb965cd89b3851b2f463c9c97eb3a1ac3731fef431b42b1c568ea6a25e0aab65cc4962a4
SSDEEP

768:dNP1hINa2bcK/N2ogWTOCD8X5hPoznG/AcUsifGntr6j:dNvINa2owN2og1X5hwLpcgGnO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28fd072d44bcd3aab309243e9889b21a_JaffaCakes118

Files

28fd072d44bcd3aab309243e9889b21a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28e646e4ed339b861e89005ef618bd8b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
HeapAlloc
GetVersion
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetVersionExA
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
Sleep
ExitProcess
GetTimeZoneInformation
GetLocalTime
GetComputerNameA
GetPrivateProfileStringA
GetPrivateProfileSectionA
GetWindowsDirectoryA
LoadResource
FindResourceA
FreeLibrary
GetProcAddress
LoadLibraryA
GetStdHandle
ReadFile
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
CreateFileA
SetStdHandle
FlushFileBuffers
RtlUnwind
IsBadCodePtr
GetStartupInfoA
GetCommandLineA
SetEndOfFile
MultiByteToWideChar
HeapFree
GetLastError
WriteFile
CloseHandle
WideCharToMultiByte
FreeEnvironmentStringsW
GetCurrentProcess
SetHandleCount
GetEnvironmentStrings
GetFileType
SetFilePointer
UnhandledExceptionFilter
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

advapi32

GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

user32

GetWindowTextA
GetForegroundWindow
CharLowerA

wsock32

inet_addr
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
closesocket
gethostbyaddr
socket
htons
connect
recv
send

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

28e646e4ed339b861e89005ef618bd8b

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wsock32

Sections

UPX0 Size: 52KB - Virtual size: 52KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB