300207a4011f9ea7d835a727ba978d0b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

300207a4011f9ea7d835a727ba978d0b_JaffaCakes118
Size

256KB
MD5

300207a4011f9ea7d835a727ba978d0b
SHA1

219864631df303c6deb44d871b5132f6467d0a68
SHA256

1923e1157c761a5be93599309de1d0c1ba0a732e06e4e30427e8c028b620bbb5
SHA512

99d505c83837fc6166c047e7a3b61801c0891c534d5494cd7b16182e6dafe8c37c049da1d0d20b113ae2ba6b53f239056ec8bcb2cd2bd44e32d35f64e4a79302
SSDEEP

6144:iw5J8uT7bp56aZVgpomM4sFVilzoUy7Xt+:fpd5nVEM4sFkF3y7XA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
300207a4011f9ea7d835a727ba978d0b_JaffaCakes118

Files

300207a4011f9ea7d835a727ba978d0b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a269b8ee4d6e62df5f347b4042dfc5ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
GetProcAddress

user32

GetSystemMetrics
DestroyIcon
DestroyMenu
LoadCursorA
GetFocus
UnregisterClassA
GetSubMenu
MessageBoxIndirectW
IsDlgButtonChecked
GetClassInfoExA
CharNextW
OpenClipboard
GetMessageW
wvsprintfA
CreateDialogParamW
SetWindowPos
LoadBitmapA
WaitMessage
RegisterWindowMessageW
GetMenuStringW
SetFocus
GetMenuItemInfoA
SendMessageW
CreateDialogIndirectParamW
GetKeyState
SetWindowTextW
GetDlgItemTextA
wsprintfA
LoadMenuIndirectA
CheckMenuItem
EnableWindow
SetParent
MessageBoxA
EndMenu
SetActiveWindow
LoadIconW
LoadIconA
CreateWindowExW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

usp10

ScriptGetProperties
ScriptTextOut
ScriptGetCMap
ScriptFreeCache
ScriptString_pLogAttr
ScriptShape
UspAllocCache
ScriptRecordDigitSubstitution
ScriptBreak

gdi32

CreateEllipticRgn
CreateFontIndirectExW
CreateBitmapIndirect
CreateColorSpaceW
ExtCreateRegion
CreatePatternBrush
GetMetaFileW

sensapi

IsDestinationReachableA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 4KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 101KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 3KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 115KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a269b8ee4d6e62df5f347b4042dfc5ed

Headers

File Characteristics

Imports

kernel32

user32

advapi32

usp10

gdi32

sensapi

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 35KB

CODE Size: 4KB - Virtual size: 304KB

.edata Size: 101KB - Virtual size: 162KB

UPX1 Size: 3KB - Virtual size: 277KB

.data Size: 7KB - Virtual size: 73KB

.edata Size: 115KB - Virtual size: 162KB

.rdata Size: 3KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 35KB

CODE
Size: 4KB - Virtual size: 304KB

.edata
Size: 101KB - Virtual size: 162KB

UPX1
Size: 3KB - Virtual size: 277KB

.data
Size: 7KB - Virtual size: 73KB

.edata
Size: 115KB - Virtual size: 162KB

.rdata
Size: 3KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 4KB