3545f65648cfee3fec914c05dd90b274_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3545f65648cfee3fec914c05dd90b274_JaffaCakes118
Size

422KB
MD5

3545f65648cfee3fec914c05dd90b274
SHA1

1ed6fb4cf6950d1d9026f99c986f6ef8bc73a540
SHA256

264c892a0104cf30ae951ed479467e1f0afbb6180188de15ea5d5a4170b98bf2
SHA512

b414f109857f7f9c00275bb9d0c27ab6d63dbaad790c2f39e1684fc67eb72b1913beb8b96a91dca4eb90e2ea39e854d150f7547d9c4d19865a04742b78e236e1
SSDEEP

12288:dboffcU7Gyi/VivlQ1MoxAWgdiEthmLYX/E/:dSfcUayQV6Q+oqWxEWm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3545f65648cfee3fec914c05dd90b274_JaffaCakes118

Files

3545f65648cfee3fec914c05dd90b274_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cb93a4a67f6a3b18f9b22b2f63262d9c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetLocaleInfoA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

GetProcessWindowStation
MessageBoxA

advapi32

CloseServiceHandle

oleaut32

SysAllocStringLen

gdi32

CreateBitmap

wsock32

inet_addr

shell32

ShellExecuteA

psapi

GetModuleFileNameExA

avicap32

capGetDriverDescriptionA

wininet

HttpQueryInfoA

ntdll

ZwUnmapViewOfSection

Exports

Exports

��\<�>!)��]\��Zݰ��SL��R�f{.��Ă��O��k5�\�#�n0�%�O۔��i��Vmy&p_�R��ʧ�n9D[�l�[,�X\��$H.4��^şT7��q8�Sh�/�Α��F�m��۰�@�V\�5}]_d��j,�=� ��.XQa��e��Ζ��[y�u��(�X��ьA�'\,��2x,+f��y��N.��r�/Ș�fV��'�N��BZ�_��+�T��;d��͇�qx�\D��F�h��g~��s��u�ꀵ�T�8P$�2�Â�+��~X��} ��t�}�YÞC��^L��9��w0��#_b��]q�\��g� �d�7l�V�C�Eп6x��&/l?�*�Biޥ(;n��c(��sN��RA��Q L<Œ�?Fz�b�Gl��VÊ�p��.砳&�o-�'��2L�%˔E x,��f��R/��:\�e�*ᚾ�G�3]�A�ODR��m�B�V0��Z��/��=E��`cU�E��q`��x�e��`us��*��P�n͋<�d:�3�C*�SP� `|��ѧ6u%�[��毛�y@�m��:�GVa>K\/(f�%��T�*�{G8��ɟ�o�m�*Vc�5�� ^�M'P5]�s�Y.��\9��-��I�D��_J dRl��n��C��a��u?�&8�`t��uiK��)Ǡg@��\��ED�AS��"1ϜR7�i�r�a��"�C�ʐ�O��"��#i ��an�3#,�e�6Bn��{҆�T�@K��·n-��.е?VL��]�=o*��`�"��LB�t�a��_��fC��bc��W6��1�q�c�F��#9^Y�W��-P`�jH��a�S�X��k�c�L�ܒ��]��wk4��g��d��/8 棼��.Q=]y[�:�+��#��@,X��JV9�� U�f��o� ��b�I�9{G��=0�|˧�]�!��HF��?��g�z<�g�'�%VPV�6��,e?�G��zfՑ�gy��졅O֒K��4�W֍Յ� 7L�[� ��\�zNܟ] �0�q݄�GN�� +*��Fa�}��_b��Y�� [,�f�ڑM�<��%ʬ��3�.�O�AxT�=�#|4��('�D�|};�x}D/`��d4�6��jD��&�R�$<��s�3��)k�~� ��͚��3�_n�oDV�۪;�]��,�]�8��M� �:Z\G��d�:��l}�Ɍ=��Q�� /rx��٧pT��a+�?d��,oxNB��|�~\�=.��_ r��؋Է*%�Gz��kꚔp��9Z�D�P�0/_1h� W�$��b��<P!��a��k��n�h-��j��xܓ��dxy��;(�_B�;�i@jg�"�A�8��o�+K�%�(�CA?�d&~I�[�*oGW�+��\,�V��B2�{�p{��N��1?��CB0S �X��z_�� :~��~=��~��~�M%4�k�曘-�¹)��Vvg��!�Ff�A��S��j�7�U��8@�c�q&�R`$!��v��a� V !��$�Mi�b��1c�>��r/� 0�Y�Y�H��b��d�&c�K��m:�6^�)2��)ù\��U��5� �Q�IhP<� ��?��G<�W��Nx�*H%�~6¨��7��F--}�o��^<<�ݚk�1��SA]�4��R��'��o* R�=�AX��Q7x+�r�'`u�`eb��/}T��.x��T��S�׺��.�};��!��R�`�J��gu�-Y� 5��̿�c��@B��亝��z&�6 �+X�&�-�N��/k�1�n��`%k��X}m �,��<ֵ��Z@�zG�1abA��O]�W�G��Ɇ=^VtT��/�~��+��a �wGa 7�4�W��E�~e��Z;#�6c�J��P��؏�:�q��?��x|�Nu��@P�w�D�T� YyH��^�F�+��rab��&p��O�q�{�7��HTt �W� @Zp�GK�@v�k�5_]N��|r.v��R��4� ��A �p��?b�N[!B(v?�0��5�!|�qJ�kwG�9�y�:>�J�V��S%$C�Ǟ� n��h�X�hgҗ,E[��ZnI�E�:�t2z��`Wb�J�n�**��1�4%nW@��5��r��`9�T��g�#�V��~�&?Qj�"�6U��/��HA�o=׭��t%�\�u�E:�~�9�{�$խ��r:�W=iq2��'9q�1╷D@��V�s4?"@d�s��n�h��g0� S�x�Ā��ٲ{?�THDw�I��`T3�`!�"��Jtx��1�v��~/!G"=j��@D4�ŭ4�Â*��q��pStR͑��5��#o�u��V�Q��&�N}R��ִx�5��:z��\C��y�Z�6^|o%A�E/�mF�ǉ�,i��^�Jj��F��a�}��e�ڍw��v�R�A�Z�G��Eg��{N�`y܊39�4��&M�q��1��/��J��%��{V��O&2F�/,��ˬJ[HB��_��ߐ��?�mKf��T*��>4�z��R� ��)4��J킩�V��o��e��+j1��yYv��m-}hpvY�e�^�z��;wV�|��_��}Ǥ�vs��8t`��dއ��>^��.�Z띘��T�1��o�%A �;�́�|ǀq��C�ӡ�;��w&�� }Gk�RC{�.��g�9��\;�Y�h N5*A��k

Sections

CODE
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb93a4a67f6a3b18f9b22b2f63262d9c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

wsock32

shell32

psapi

avicap32

wininet

ntdll

Exports

Exports

Sections

CODE Size: - Virtual size: 96KB

DATA Size: - Virtual size: 4KB

BSS Size: - Virtual size: 2KB

.idata Size: - Virtual size: 5KB

.tls Size: - Virtual size: 8B

.rdata Size: - Virtual size: 24B

.UPX0 Size: - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 9KB

.UPX1 Size: - Virtual size: 336KB

.UPX2 Size: 414KB - Virtual size: 413KB

.reloc Size: 512B - Virtual size: 296B

CODE
Size: - Virtual size: 96KB

DATA
Size: - Virtual size: 4KB

BSS
Size: - Virtual size: 2KB

.idata
Size: - Virtual size: 5KB

.tls
Size: - Virtual size: 8B

.rdata
Size: - Virtual size: 24B

.UPX0
Size: - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 9KB

.UPX1
Size: - Virtual size: 336KB

.UPX2
Size: 414KB - Virtual size: 413KB

.reloc
Size: 512B - Virtual size: 296B