38379bac669b7cf9628a7f00d50906d2_JaffaCakes118

General

Target

38379bac669b7cf9628a7f00d50906d2_JaffaCakes118
Size

156KB
MD5

38379bac669b7cf9628a7f00d50906d2
SHA1

d300c24956551858ea47b46c107731c63908e247
SHA256

3a3a2e850ffdf418f33f4729d26235fdf9f5da1332c88f394af409a7512583c1
SHA512

188a3191f6b9a0b3c5ff5d02246e04e5225d7ed108e87729fddb5f09da02269f6b6ef44893675973f2fa4309f98246b7937b19d6cca744dd306d2008dd23d9c1
SSDEEP

3072:kLsk+CytO9luZJLQLLYILDRU37kLFAt37nRBEONv9JdCr:MsLCP9luZJELJskLFAt37RBERr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38379bac669b7cf9628a7f00d50906d2_JaffaCakes118

Files

38379bac669b7cf9628a7f00d50906d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fb45e0709a7a3cd010067a93e01ceb3e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Margaret Stone\My Documents\Visual Studio Projects\RetrieveRanges\Release\RetrieveRanges.pdb

Imports

kernel32

ExitProcess
GetModuleHandleA
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
CloseHandle
GetProcAddress
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
MultiByteToWideChar
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
LoadLibraryA
RtlUnwind
InterlockedExchange
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetFilePointer
SetEndOfFile
HeapSize

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fb45e0709a7a3cd010067a93e01ceb3e

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 7KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 7KB

.UPX0
Size: 104KB - Virtual size: 252KB