382e690262f8ff5e0f8bb0a514bec0a5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

382e690262f8ff5e0f8bb0a514bec0a5_JaffaCakes118
Size

52KB
MD5

382e690262f8ff5e0f8bb0a514bec0a5
SHA1

1d01d8102808632f22b13ba8d2f40c5c9dfe41fa
SHA256

3f77868b222937052eb34f3a11388d1c22895b4d72d69236cabf4cc392442b16
SHA512

f314709ceb1d0b757315f449a768cf4832fc56be1585dec7d2c4deddd4886c6c01b6fe7f4e4998780363e7c82e0565e21e8f5234afb6fc29cfa202cd02d00647
SSDEEP

384:Wtec6tMfj45fxrq0tVF8LSlp+Ot1S1FUC2MDFfTKmDJN0LBV+582Wesi:W4toOZrd/SSh1IDFfrDJeBm7Wev

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
382e690262f8ff5e0f8bb0a514bec0a5_JaffaCakes118

Files

382e690262f8ff5e0f8bb0a514bec0a5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c3672b1fa3e4566a22f55f663516aeea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetCurrentThreadId
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
WriteProcessMemory
WriteFile
VirtualProtectEx
VirtualFree
VirtualAlloc
UnmapViewOfFile
TerminateProcess
Sleep
SetSystemTime
SetFilePointer
ReadProcessMemory
ReadFile
OpenProcess
OpenFileMappingA
MoveFileExA
MapViewOfFile
LoadLibraryA
GlobalFindAtomA
GlobalDeleteAtom
GlobalAddAtomA
GetWindowsDirectoryA
GetSystemTime
GetSystemDefaultLCID
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetEnvironmentStringsA
GetCurrentProcess
GetComputerNameA
FindFirstFileA
FindClose
CreateThread
CreateMutexA
CreateFileA
CompareStringA
CloseHandle

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

gdi32

GetTextCharset
GetMetaRgn

user32

UnhookWindowsHookEx
SetWindowsHookExA
SendMessageA
PostThreadMessageA
MessageBoxA
IsClipboardFormatAvailable
GetSubMenu
GetWindow
GetMessageA
GetKeyState
GetClipboardOwner
GetClassNameA
GetClassLongA
FindWindowA
CallNextHookEx

wsock32

WSACleanup
WSAStartup
gethostbyname
socket
send
recv
htons
connect
closesocket

Exports

Exports

vista1
vista2

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3672b1fa3e4566a22f55f663516aeea

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

wsock32

Exports

Exports

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB