Behavioral task: behavioral1
Sample: 3b6574582884d7527b510ffd961cc000_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3b6574582884d7527b510ffd961cc000_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3b6574582884d7527b510ffd961cc000_JaffaCakes118
Size: 135KB
MD5: 3b6574582884d7527b510ffd961cc000
SHA1: d96b909d8833a013a5d667fc38627bac40bbc595
SHA256: 38712f573a59a45c100e8b01fdf9b1284e144eaee9a9fa6d62afe88e95b05842
SHA512: 4a23f212387f761a83c5ac3e90e0491522b535c4c0e9ae66efabcd2227644e985b48cab01566cc11516788087a4843c184f37b8f924fa556f7be9cdab22ff1ba
SSDEEP: 3072:Kp6dXBFHF7wqzlvhFWFiI1eaXF9pPVCNCxNbBW2:K8XBFHF8qzlvhFWFiI1eaXF9pPVCNCxZ
Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3b6574582884d7527b510ffd961cc000_JaffaCakes118
Files
3b6574582884d7527b510ffd961cc000_JaffaCakes118.exe windows:4 windows x86 arch:x86
e397e2370204a1e1bf8051948e88fd54
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetModuleHandleA
TerminateProcess
WinExec
GetProcAddress
GetSystemDirectoryA
GetFileAttributesA
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpA
CloseHandle
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetComputerNameA
GetCurrentProcess
GetDriveTypeA
_lopen
GetFileSize
GetModuleFileNameA
lstrcatA
SetCurrentDirectoryA
SetFileAttributesA
GetTickCount
GetVersionExA
GetVolumeInformationA
GetWindowsDirectoryA
LoadLibraryA
OpenProcess
_lread
Sleep
_lwrite
_lcreat
WriteFile
_lclose
_llseek
advapi32
RegSetValueExA
AdjustTokenPrivileges
GetUserNameA
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
gdi32
SelectObject
GetDeviceCaps
GetDIBColorTable
GdiFlush
DeleteObject
DeleteDC
CreateDIBSection
CreateDCA
CreateCompatibleDC
BitBlt
shell32
SHFileOperationA
ShellExecuteA
user32
MessageBeep
LoadIconA
UnhookWindowsHookEx
TranslateMessage
SystemParametersInfoA
SetWindowsHookExA
PostQuitMessage
SendMessageA
RegisterClassExA
MessageBoxExA
GetMessageA
GetForegroundWindow
IsIconic
CloseWindow
CreateWindowExA
DefWindowProcA
FindWindowA
wsprintfA
LoadCursorA
DispatchMessageA
ExitWindowsEx
wsock32
send
socket
recv
listen
htons
accept
closesocket
WSAStartup
WSACleanup
WSAAsyncSelect
bind
Sections
UPX0 Size: 132KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE