3fe97204a0808fcce551a6b7895e8162_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3fe97204a0808fcce551a6b7895e8162_JaffaCakes118
Size

205KB
MD5

3fe97204a0808fcce551a6b7895e8162
SHA1

707ea1b107a1b98c64b5cf9645e0ea628f3dbaa8
SHA256

40a10c756f12bc5f512bc759b915de3fc2d657da50d9c159493f2f5616c7b92a
SHA512

8713cd45475e1ad670fa7970910aee25cda94106f6b83491bf51b2224d5c361aec1269a4d71093ea5c20b8c96c02d540d3bf061d357a86c9cb153a8db4b5b091
SSDEEP

3072:3hkXZSpqtpu1ZF+DxPtelUTvIRUmvO29nURvZk:2XZSipu1ZEUQvIR4k6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3fe97204a0808fcce551a6b7895e8162_JaffaCakes118

Files

3fe97204a0808fcce551a6b7895e8162_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df9d6f20b9525396238dfac64202df34

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
FlushFileBuffers
GetStringTypeA
GetStringTypeW
IsBadCodePtr
GetSystemTimeAsFileTime
UnhandledExceptionFilter
LCMapStringW
InterlockedExchange
LCMapStringA
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
DeleteCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
CloseHandle
UnmapViewOfFile
GetSystemDirectoryA
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
RemoveDirectoryA
GetLastError
DeleteFileW
SetFileAttributesW
MultiByteToWideChar
Sleep
ExitProcess
GetTempPathA
CreateDirectoryA
VirtualQuery
IsBadReadPtr
SetUnhandledExceptionFilter
FormatMessageA
OpenFileMappingA
GetDiskFreeSpaceExA
GetTickCount
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameA
GetModuleHandleA
CreateThread
TerminateProcess
OpenProcess
GetSystemDefaultLangID
OutputDebugStringA
CreateProcessA
SetFileAttributesA
GetWindowsDirectoryA
FindClose
FindNextFileA
FindFirstFileA
WideCharToMultiByte
FileTimeToLocalFileTime
GetEnvironmentVariableA
HeapFree
GetProcessHeap
SystemTimeToFileTime
IsProcessorFeaturePresent
DeleteFileA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CreateFileA
HeapAlloc
WriteFile
SetFilePointer
ReadFile
GetFileSize
GetProcAddress
lstrlenW
FreeLibrary
LoadLibraryA
GetFileTime
lstrcpynA
lstrlenA
GetVolumeInformationA
lstrcmpiA
lstrcpyA
GetCurrentProcess
RaiseException
GetSystemInfo
FileTimeToDosDateTime
GlobalMemoryStatus
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
GetCommandLineA
GetVersion
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
HeapReAlloc
HeapSize
SetStdHandle

advapi32

CryptReleaseContext
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
CryptAcquireContextA
CryptImportKey
RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegQueryValueExA
RegOpenKeyExA
CryptDestroyHash
CryptVerifySignatureA
CryptHashData
CryptCreateHash

iphlpapi

GetNetworkParams
GetAdaptersInfo

ole32

CoInitialize

oleaut32

shell32

SHGetSpecialFolderPathA

shlwapi

SHGetValueA
SHSetValueA
PathAddBackslashA
SHDeleteValueA
PathCanonicalizeA

urlmon

URLDownloadToCacheFileA

user32

wvsprintfA
GetKeyboardType
GetSystemMetrics
PostThreadMessageA
GetMessageA
DispatchMessageA
wsprintfA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetOpenUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetGetConnectedState
InternetCloseHandle
DeleteUrlCacheEntry

Sections

UPX0
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

df9d6f20b9525396238dfac64202df34

Headers

File Characteristics

Imports

kernel32

advapi32

iphlpapi

ole32

oleaut32

shell32

shlwapi

urlmon

user32

version

wininet

Sections

UPX0 Size: 200KB - Virtual size: 200KB

.avp Size: 4KB - Virtual size: 4KB

UPX0
Size: 200KB - Virtual size: 200KB

.avp
Size: 4KB - Virtual size: 4KB