30028dfc8fb76c7af6c71f7a3f41f727_JaffaCakes118

General

Target

30028dfc8fb76c7af6c71f7a3f41f727_JaffaCakes118
Size

75KB
MD5

30028dfc8fb76c7af6c71f7a3f41f727
SHA1

61f24a2bf707baa3882b3970b164529e264a33b5
SHA256

050319d468361d9053b4397781e06d9c5e9adf10017f0697919c304644f8c097
SHA512

56e42875984bf218f0ff12b654edcd054b208f5658e6094e3a93e6ff5e9334ec2438b5c7722e4f0254030608f0384480a63f602bece4a8704a7e3693ec50de23
SSDEEP

768:icKKZwL+OyMbJl1ruEj7uc9UsMM2tl1rtweP:SK6YEJuEjHUsMFtt3P

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30028dfc8fb76c7af6c71f7a3f41f727_JaffaCakes118

Files

30028dfc8fb76c7af6c71f7a3f41f727_JaffaCakes118
.exe windows:4 windows x86 arch:x86

56efd7dd81555624821c4297e6cd3ace

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLineInputStr
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaVarXor
__vbaVarForInit
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaVarTstEq
__vbaDateR8
__vbaI2I4
DllFunctionCall
__vbaFpUI1
_adj_fpatan
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaGetOwner3
__vbaVarCat
__vbaDateVar
__vbaI2Var
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
_allmul
__vbaLenVarB
_CItan
__vbaFPInt
__vbaUI1Var
__vbaVarForNext
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

56efd7dd81555624821c4297e6cd3ace

Headers

File Characteristics

Imports

msvbvm60

Sections

UPX0 Size: 60KB - Virtual size: 60KB

.rsrc Size: 11KB - Virtual size: 12KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 11KB - Virtual size: 12KB

.avc
Size: 2KB - Virtual size: 4KB