33fe1c1a642ac28f1badb278637144cb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

33fe1c1a642ac28f1badb278637144cb_JaffaCakes118
Size

48KB
MD5

33fe1c1a642ac28f1badb278637144cb
SHA1

3d54aea62981f0bfddb07142558719c7efa9bb0d
SHA256

42e8c6565788ed0d4aea6b3ec40fbb2c9de693552293843ced0db7e4ecbccbdc
SHA512

7fc6c4a0e8b9a4f7773afc72e69cc2b66f20a6b23fef30806b440fc374fabcf0bba2358a476cdf75eb4d75dadfeba13e39a91399f7c73daa4db8f2a9e7a5da0b
SSDEEP

384:sjBH50avGVldUIvRiBdZikVJIJdZlFjHqQBZ2LxOFuCJNWt2EHcbqk6sz:KH9od5iBdZiYGbpByMFtQ2EHcbLFz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33fe1c1a642ac28f1badb278637144cb_JaffaCakes118

Files

33fe1c1a642ac28f1badb278637144cb_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

19bc76fa7dcb552ac439248d5d40bfd6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
CreateDirectoryA
lstrcmpiA
lstrcpynA
GetShortPathNameA
DeleteFileA
CreateFileA
GlobalAlloc
WriteFile
GlobalFree
WaitForSingleObject
GetExitCodeThread
OutputDebugStringA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
lstrlenW
MultiByteToWideChar
lstrlenA
TerminateProcess
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
lstrcpyA
OpenProcess
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
CreateThread
CloseHandle
TerminateThread

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

mfc42

msvcrt

?terminate@@YAXXZ
_adjust_fdiv
??1type_info@@UAE@XZ
memcmp
memset
realloc
_initterm
_except_handler3
__CxxFrameHandler
_CxxThrowException
malloc
free
_purecall
memcpy

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc

oleaut32

shell32

ShellExecuteA

user32

DialogBoxParamA
GetWindowThreadProcessId
GetParent
SetWindowLongA
GetWindowLongA
MoveWindow
CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19bc76fa7dcb552ac439248d5d40bfd6

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

ole32

oleaut32

shell32

user32

Exports

Exports

Sections

UPX0 Size: 40KB - Virtual size: 40KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 2KB - Virtual size: 4KB