3e3ee4f7a69613062dd67987ed5c100a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e3ee4f7a69613062dd67987ed5c100a_JaffaCakes118
Size

170KB
MD5

3e3ee4f7a69613062dd67987ed5c100a
SHA1

714efb21bd5372230cae555463242a89cdd0099b
SHA256

c3304d708aa8b3ae7a095df214f448574ca2da5d6e485c6f6df98c8125f7e56b
SHA512

8278869c7b2f9e97fd5903b1dd2f3295f9c143b40695c3a46d91949384d25875274aace939c5f5617e582935ec1894d91ec3ef45bc13188e1dc5f3a910bb1b1f
SSDEEP

3072:KQTcP5nEc4Zg0DK05usNbOlHY84t4tEiqlQ8D/L9/j02swwgQznfKWcN0:KMcxnEc4S9057P8ReiqSYbwgQzK8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e3ee4f7a69613062dd67987ed5c100a_JaffaCakes118

Files

3e3ee4f7a69613062dd67987ed5c100a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

84fbcf6c2f9d3f2e1ae83d74da1c808f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

iphlpapi

GetAdaptersInfo

kernel32

GetVolumeInformationA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

PostMessageA
MessageBoxA

advapi32

RegOpenKeyExA

shell32

SHChangeNotify

oleaut32

VariantClear

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

_CxxThrowException

Exports

Exports

yourfather

Sections

.text
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

84fbcf6c2f9d3f2e1ae83d74da1c808f

Headers

File Characteristics

Imports

shlwapi

iphlpapi

kernel32

user32

advapi32

shell32

oleaut32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: - Virtual size: 7KB

.rdata Size: - Virtual size: 4KB

.data Size: - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 428B

.UPX0 Size: - Virtual size: 1KB

.UPX1 Size: - Virtual size: 126KB

.UPX2 Size: 168KB - Virtual size: 167KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: - Virtual size: 7KB

.rdata
Size: - Virtual size: 4KB

.data
Size: - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 428B

.UPX0
Size: - Virtual size: 1KB

.UPX1
Size: - Virtual size: 126KB

.UPX2
Size: 168KB - Virtual size: 167KB

.reloc
Size: 512B - Virtual size: 104B