398f22c351b44b0f878e04cbab41562e_JaffaCakes118

General

Target

398f22c351b44b0f878e04cbab41562e_JaffaCakes118
Size

400KB
MD5

398f22c351b44b0f878e04cbab41562e
SHA1

a860f52a196504ccd0a59c9e0e18ccd795c79e35
SHA256

c849449de671c0b9895ea85bbbee0ef53025c30df27be8259f54bd64b39c2971
SHA512

be6d642253becf8f0730afd6056134fda2e9f5136d469c23b753b2dc4c868f3cdaabd33f432fbb6a721136a9f4b3ee2e188425112e3099cb3ba38cadedde0709
SSDEEP

3072:PxpNpEN/8HYARD8zKIhO9UxcQj5yrZe1MZ9DwVJllyT0WY7wpHfM7RxgIc4nKR4R:PxVKP77wpHEHgj4nKbOW9oLtb7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
398f22c351b44b0f878e04cbab41562e_JaffaCakes118

Files

398f22c351b44b0f878e04cbab41562e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

789c8854cd7f28a322d10d984c4f1a3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
ord696
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
__vbaCopyBytes
ord628
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
__vbaLenBstrB
ord665
_adj_fdiv_m32
__vbaAryDestruct
_adj_fdiv_m16i
_adj_fdivr_m16i
ord598
__vbaCyStr
ord520
_CIsin
__vbaErase
ord631
__vbaVarZero
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaAryConstruct2
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord608
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
__vbaDerefAry1
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaAryLock
__vbaStrToAnsi
__vbaFpI4
_CIatan
__vbaAryCopy
__vbaStrMove
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

UPX0
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

789c8854cd7f28a322d10d984c4f1a3c

Headers

File Characteristics

Imports

msvbvm60

Sections

UPX0 Size: 296KB - Virtual size: 296KB

UPX1 Size: 84KB - Virtual size: 84KB

.rsrc Size: 16KB - Virtual size: 16KB

UPX0
Size: 296KB - Virtual size: 296KB

UPX1
Size: 84KB - Virtual size: 84KB

.rsrc
Size: 16KB - Virtual size: 16KB