3451f99d3234736164cbbda5075c7c46_JaffaCakes118

General

Target

3451f99d3234736164cbbda5075c7c46_JaffaCakes118
Size

568KB
MD5

3451f99d3234736164cbbda5075c7c46
SHA1

19902ed942339673a16be0d9ca87142cefe539a2
SHA256

9ea0b1b5c57bc4ab4679afd224b80f8626405d3e6a2c5b6b4d9a71828a4caf9e
SHA512

77451a3a9f8b2e4c02ead6245ae34c78a26caf560200d19def7d6c9edf58dfe455ba57b14bfa9822bd623c5f2ba47aece54d1a0707193ac4cb945b511ce99c24
SSDEEP

3072:LJzwocFBp8FXBNhUMjm1h4dsnsNWlSBuCngwUY:L+FBWFXBVm1h4mnsN2S4CR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3451f99d3234736164cbbda5075c7c46_JaffaCakes118

Files

3451f99d3234736164cbbda5075c7c46_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f64b026d0e62e40df4a901ae0eda73af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
HeapAlloc
GetOEMCP
GetACP
GetCPInfo
WriteFile
RtlUnwind
HeapFree
HeapReAlloc
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GlobalAlloc
GetEnvironmentStrings
GlobalFree
lstrcpyA
VirtualFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
GetStringTypeW

user32

PostQuitMessage
SetTimer
BeginPaint
EndPaint
DefWindowProcA
InvalidateRect
DestroyWindow
GetClientRect
LoadImageA
GetDC
ReleaseDC
GetMessageA
DispatchMessageA
TranslateMessage
LoadBitmapA
GetDesktopWindow
GetWindowRect
CreateWindowExA
SetWindowPos
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassA

gdi32

GetDIBColorTable
CreateCompatibleDC
SelectObject
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
DeleteDC
CreatePalette
GetObjectA
DeleteObject
GetStockObject

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f64b026d0e62e40df4a901ae0eda73af

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 484KB - Virtual size: 482KB

.UPX Size: 60KB - Virtual size: 60KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 484KB - Virtual size: 482KB

.UPX
Size: 60KB - Virtual size: 60KB