2f9e13a142268e717e20c05c15365495_JaffaCakes118

General

Target

2f9e13a142268e717e20c05c15365495_JaffaCakes118
Size

66KB
MD5

2f9e13a142268e717e20c05c15365495
SHA1

5fad82cf8a3451b4d43a25f2ff145916913acc29
SHA256

9ecc2bb3d3c07be939e41ed81e48341b8cbc606ccb4b947079d815503c3f0094
SHA512

6f2de11d54f14ca43e3a9ff0695eba71bfb9a3907c95496c2f5165dbd38cb09d7e3406eb6c4bebb7595c168bc51595ca208f70ee96256da5afc482214ff50a90
SSDEEP

1536:UMbIm9Kx8gg637lEWTn++n8oHipeskd1ovu6yrRtGw:xrMm563REWT+QipqdeW6yr/Gw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f9e13a142268e717e20c05c15365495_JaffaCakes118

Files

2f9e13a142268e717e20c05c15365495_JaffaCakes118
.exe windows:4 windows x86 arch:x86

671a32c8cf06dd3cfbc5d51a4c241663

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
WaitForSingleObject
Thread32Next
Thread32First
OpenProcess
Sleep
DeleteFileA
CreateThread
LoadLibraryA
WriteFile
GetSystemDirectoryA
GetCommandLineA
ExitProcess
Process32First
ResumeThread
WinExec
CreateProcessA
CopyFileA
TerminateProcess
GetModuleFileNameA
GetStringTypeA
RtlUnwind
GetStringTypeW
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
Process32Next
GetCurrentProcess
GetWindowsDirectoryA
CreateFileA
GetFileTime
CloseHandle
SetFileTime
GetLocalTime
GetCurrentThreadId
GetTickCount

advapi32

RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegEnumValueA
RegDeleteValueA

user32

GetMessageA
PostMessageA
GetClassNameA
EnumThreadWindows
GetWindow
FindWindowA
GetInputState
PostThreadMessageA
GetWindowTextA
TranslateMessage
DispatchMessageA

winmm

mixerGetLineControlsA
mixerGetLineInfoA
mixerClose
mixerOpen
mixerSetControlDetails

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

671a32c8cf06dd3cfbc5d51a4c241663

Headers

File Characteristics

Imports

kernel32

advapi32

user32

winmm

Sections

UPX0 Size: 64KB - Virtual size: 64KB

.avc Size: 1KB - Virtual size: 4KB

UPX0
Size: 64KB - Virtual size: 64KB

.avc
Size: 1KB - Virtual size: 4KB