292fa6f85ec116f4d59daf05d2ca4090_JaffaCakes118

General

Target

292fa6f85ec116f4d59daf05d2ca4090_JaffaCakes118
Size

63KB
MD5

292fa6f85ec116f4d59daf05d2ca4090
SHA1

6b9c866117163fe26d4bf454023e95780dc96be1
SHA256

bf0837fbe9f9b45355ebe573dbc2a02b20738336c3bc349a328d0158edacac22
SHA512

9b15794ea12edb060ea78633938442dab255f1f3ab522e9e559da92323c24d2e5ea2435695ad26befd80e40cce9fe4ce735b4ac31431eb0e25ca746f6b6a939f
SSDEEP

768:VXq1GKeboW2wP7lYBJaFlm4ET9vyao9nJK0Hw8/V74jCiB9MqHDTnwyO:VcDe5P7+mjET9v7olnHwFXXnzO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
292fa6f85ec116f4d59daf05d2ca4090_JaffaCakes118

Files

292fa6f85ec116f4d59daf05d2ca4090_JaffaCakes118
.dll windows:4 windows x86 arch:x86

7689a33d02580fe5c8772687f568fef6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
GetTickCount
CreateThread
GetLastError
GetProcessHeap
SetFileAttributesA
GetModuleFileNameA
VirtualQuery
DisableThreadLibraryCalls
HeapAlloc
HeapFree
Sleep
WinExec
CreateMutexA
lstrlenA
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetOEMCP
GetACP
CreateFileA
SetFilePointer
FlushFileBuffers
SetStdHandle
RtlUnwind
HeapReAlloc
VirtualAlloc
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
InterlockedDecrement
InterlockedIncrement
CloseHandle
WriteFile
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
GetCPInfo

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA

wininet

InternetGetConnectedState
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle

ws2_32

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7689a33d02580fe5c8772687f568fef6

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

ws2_32

Sections

UPX0 Size: 60KB - Virtual size: 60KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 60KB - Virtual size: 60KB

.avp
Size: 2KB - Virtual size: 4KB