2f5b98241583be32b68d1c8b7f00ed52_JaffaCakes118

General

Target

2f5b98241583be32b68d1c8b7f00ed52_JaffaCakes118
Size

155KB
MD5

2f5b98241583be32b68d1c8b7f00ed52
SHA1

1ff84eef362dbc562a7ad946fd2158c53fd0ff8c
SHA256

31a36acda820e4239b4a602604ee500e0d88f847fd60e4c55f434ec501dc1aac
SHA512

cbf22f50ec7a947f1dfb8d4a96262d65c096ee63aff1b7564290d85e1f8d019be1bc5642dc99a72118daf495a080e949b9cd4c8afa58030d4fbb2d5b8774ce39
SSDEEP

3072:tcnm7isGXuc8VdoS649KgjZax9Hi7wZVGrY8lDaTgjj:qm7iWtj62Pai4VGrY8ZHn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f5b98241583be32b68d1c8b7f00ed52_JaffaCakes118

Files

2f5b98241583be32b68d1c8b7f00ed52_JaffaCakes118
.exe windows:6 windows x86 arch:x86

60f72ec9c8d8749a6590ee227cbab51c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mrinfo.pdb

Imports

kernel32

LocalFree
LocalAlloc
WideCharToMultiByte
FormatMessageW
HeapSetInformation
SetThreadUILanguage
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_initterm
_controlfp
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_XcptFilter
_exit
_cexit
__getmainargs
memcpy
exit
atoi
malloc
free
_iob
_fileno
_write

ws2_32

WSAStartup
inet_ntoa
socket
bind
setsockopt
inet_addr
gethostbyname
htons
gethostname
select
recvfrom
WSACleanup
gethostbyaddr
htonl
sendto

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

60f72ec9c8d8749a6590ee227cbab51c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ws2_32

Sections

.text Size: 6KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 582B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 6KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 582B

UPX0
Size: 144KB - Virtual size: 380KB