2c1ab89ded8d685e859299e3258491fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c1ab89ded8d685e859299e3258491fc_JaffaCakes118
Size

225KB
MD5

2c1ab89ded8d685e859299e3258491fc
SHA1

e4f72cc7b00d67124121c874d348b31e2b6a5832
SHA256

e83e1e03207765435301f6ebc1dcfdd78c2fa39cae90fb604f1544ed69eb34aa
SHA512

bb202df22c451e3df840d49f23a1ae0ff0f6bbfb48049291a85c078bcdfab6c9edfe7f360a5e004044ca5833d76862f7c6530b17d2f19073436efdf1d5cfc1d2
SSDEEP

3072:ZGFrgKKNNdlnnN6TQYoIoumxTHtOfwMfBSuYFYn/x2OyBXLKxbPH7dKm3p/razLN:0aB+JoIougxWStWnM5uZxKWqZCTBIC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c1ab89ded8d685e859299e3258491fc_JaffaCakes118

Files

2c1ab89ded8d685e859299e3258491fc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e8e28597b4f21c4d96119fd85a0cf019

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsDebuggerPresent
WriteFile
WaitForSingleObject
VirtualFree
VirtualAlloc
UnmapViewOfFile
Sleep
FreeLibrary
GetSystemTimeAsFileTime
CreateSemaphoreA
SleepEx
HeapDestroy
HeapFree
HeapCreate
SetEndOfFile
GetLocalTime
SystemTimeToFileTime
GetSystemTime
SetFilePointer
QueueUserAPC
CreateMutexA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetTempPathA
CloseHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLogicalDriveStringsA
GetLastError
GetFileSize
GetDriveTypeA
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCurrentDirectoryA
GetCommandLineA
ExitThread
ExitProcess
DeleteFileA
CreateThread
CreateFileMappingA
CreateFileA
CreateEventA
CopyFileA
ReadFile
MapViewOfFile
HeapAlloc
LoadLibraryA

gdi32

MoveToEx
SetDIBColorTable
SelectObject
GdiFlush
SetBkMode
SetTextColor
CreateFontA
Ellipse
LineTo
Rectangle
BitBlt
CreateCompatibleDC
CreateDCA
CreateDIBSection
DeleteDC
DeleteObject
GetDIBColorTable
GetDeviceCaps
CreateHatchBrush

iphlpapi

GetNetworkParams
GetAdaptersInfo

msvcrt

_strlwr
memset
_except_handler3
_snprintf
memcpy
strcat
gmtime
_tzset
strftime
localtime
time
strncat
atoi
_pctype
_isctype
__mb_cur_max
memcmp
strcpy
sqrt
_ftol
strlen
free
strstr
_errno
malloc
calloc
memmove

user32

DrawTextA
GetDC

ws2_32

setsockopt
sendto
send
select
recvfrom
recv
listen
ioctlsocket
inet_addr
htons
htonl
getsockopt
getsockname
shutdown
getpeername
gethostbyname
connect
closesocket
bind
accept
__WSAFDIsSet
WSAStartup
WSASocketA
WSAGetLastError
WSAEnumProtocolsA
socket

Sections

UPX0
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e8e28597b4f21c4d96119fd85a0cf019

Headers

File Characteristics

Imports

kernel32

gdi32

iphlpapi

msvcrt

user32

ws2_32

Sections

UPX0 Size: 220KB - Virtual size: 220KB

.rsrc Size: 1KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 220KB - Virtual size: 220KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB