341a44d437f6bec7438f3b134bf0d332_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

341a44d437f6bec7438f3b134bf0d332_JaffaCakes118
Size

256KB
MD5

341a44d437f6bec7438f3b134bf0d332
SHA1

eab9fa2831414c4f209048c0406be030606b7f33
SHA256

5d64de9dadc70ead3af0e33fb8f0fa634c4262ec4cb1808475ad2c5d10f42b75
SHA512

90b1a2f626a15d2146089408cf07d53a20660a1e14d85361ee646dfb07f25412a549bbb274271ab00115c4662cbeeb9c793e466c391f5b4a1ce640c195c67298
SSDEEP

6144:Lw5J8uT7bp56aZVgpomM4sFVilzoUy7Xt+:Mpd5nVEM4sFkF3y7XA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
341a44d437f6bec7438f3b134bf0d332_JaffaCakes118

Files

341a44d437f6bec7438f3b134bf0d332_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a269b8ee4d6e62df5f347b4042dfc5ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetLastError
GetTickCount
GetCurrentProcess
MultiByteToWideChar
GetSystemDirectoryW
GetVersionExA
GetProcessHeap
GetStartupInfoW
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsAlloc
GetCurrentThreadId
HeapCreate
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
Sleep
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
GetProcAddress

user32

GetSystemMetrics
DestroyIcon
DestroyMenu
LoadCursorA
GetFocus
UnregisterClassA
GetSubMenu
MessageBoxIndirectW
IsDlgButtonChecked
GetClassInfoExA
CharNextW
OpenClipboard
GetMessageW
wvsprintfA
CreateDialogParamW
SetWindowPos
LoadBitmapA
WaitMessage
RegisterWindowMessageW
GetMenuStringW
SetFocus
GetMenuItemInfoA
SendMessageW
CreateDialogIndirectParamW
GetKeyState
SetWindowTextW
GetDlgItemTextA
wsprintfA
LoadMenuIndirectA
CheckMenuItem
EnableWindow
SetParent
MessageBoxA
EndMenu
SetActiveWindow
LoadIconW
LoadIconA
CreateWindowExW

advapi32

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

usp10

ScriptGetProperties
ScriptTextOut
ScriptGetCMap
ScriptFreeCache
ScriptString_pLogAttr
ScriptShape
UspAllocCache
ScriptRecordDigitSubstitution
ScriptBreak

gdi32

CreateEllipticRgn
CreateFontIndirectExW
CreateBitmapIndirect
CreateColorSpaceW
ExtCreateRegion
CreatePatternBrush
GetMetaFileW

sensapi

IsDestinationReachableA

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

CODE
Size: 4KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 101KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX1
Size: 3KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 115KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a269b8ee4d6e62df5f347b4042dfc5ed

Headers

File Characteristics

Imports

kernel32

user32

advapi32

usp10

gdi32

sensapi

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 3KB - Virtual size: 35KB

CODE Size: 4KB - Virtual size: 304KB

.edata Size: 101KB - Virtual size: 162KB

UPX1 Size: 3KB - Virtual size: 277KB

.data Size: 7KB - Virtual size: 73KB

.edata Size: 115KB - Virtual size: 162KB

.rdata Size: 3KB - Virtual size: 19KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 3KB - Virtual size: 35KB

CODE
Size: 4KB - Virtual size: 304KB

.edata
Size: 101KB - Virtual size: 162KB

UPX1
Size: 3KB - Virtual size: 277KB

.data
Size: 7KB - Virtual size: 73KB

.edata
Size: 115KB - Virtual size: 162KB

.rdata
Size: 3KB - Virtual size: 19KB

.rsrc
Size: 4KB - Virtual size: 4KB