2d2922325c6a9a1887bfb80bdf6abd85_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d2922325c6a9a1887bfb80bdf6abd85_JaffaCakes118
Size

196KB
MD5

2d2922325c6a9a1887bfb80bdf6abd85
SHA1

2f3027207ba9fd3bda632adb03fdc588d09d9a26
SHA256

965f94452d1c70f619c3378ca3ba287b69729651f3da00f95e4ace3f7af9772b
SHA512

108ede833fe7b151409976a8bf29d896b9d152eee0f2f2d09c41e904dd976f2d53da55054496cf4ecbb6d7c6b708a747f569ce68741f873ac8f7443eeb48b59d
SSDEEP

3072:mvrc2ijBeKy2Qw3OrhyAmmMTmTgxv2Nw28/jPUHoZDYVEFwh8u7IDk:CxijB8w+gmcgv8bUHoJYLcDk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d2922325c6a9a1887bfb80bdf6abd85_JaffaCakes118

Files

2d2922325c6a9a1887bfb80bdf6abd85_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c38eed9a4521f048c938efbdad470e6d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ipv6.pdb

Imports

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA
ControlService

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
DeviceIoControl
GetLastError
lstrcatA
lstrcpyA
WideCharToMultiByte
CreateFileW
LoadLibraryExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
InterlockedExchange
VirtualQuery
GetStringTypeA
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
SetStdHandle
FlushFileBuffers
CloseHandle
FormatMessageA
LocalFree
SetThreadUILanguage

ntdll

RtlGUIDFromString
RtlInitUnicodeString

ws2_32

htonl
getservbyname
htons
gethostbyaddr
ntohs
getservbyport
inet_ntoa
WSAStringToAddressA
WSAAddressToStringA
closesocket
WSAIoctl
socket
WSAStartup
gethostbyname
WSAGetLastError
WSASetLastError
inet_addr

ole32

CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitializeEx

user32

CharToOemBuffA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c38eed9a4521f048c938efbdad470e6d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

ntdll

ws2_32

ole32

user32

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 1000B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 1000B

UPX0
Size: 144KB - Virtual size: 380KB