4176d5aff71b68c60d8d64f658b7c5f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4176d5aff71b68c60d8d64f658b7c5f6_JaffaCakes118
Size

186KB
MD5

4176d5aff71b68c60d8d64f658b7c5f6
SHA1

2c04158bbe17c2cf361df4806ec09606de482658
SHA256

0219b4f6bc1e0b29331e71d8445fbc10a94498e08b097c807c80b8dcd46af6ce
SHA512

c9f8ef0434e8c4c411767e2a1c061d62415ad14a10397bf0a24a72bbaa063a3e1bfee1a2203c3e3fa16979912f224cd044f81aaee5035220c8fd719539418718
SSDEEP

3072:3p3lhzslTZJ9j7Heb8C1Jw/rP6bkrP3U4DWbNL5q19odXFJd4B0BPeAmrQPXv:Z3lyfj7HebD1crLyq1OTEBqPevr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4176d5aff71b68c60d8d64f658b7c5f6_JaffaCakes118

Files

4176d5aff71b68c60d8d64f658b7c5f6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

7cae841724aac4485d1a064d5f0e471f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eventvwr.pdb

Imports

kernel32

GetModuleHandleW
LocalFree
FormatMessageW
GetLastError
lstrlenW
CloseHandle
CreateFileW
GetCommandLineW
GetSystemDirectoryW
HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

user32

SetWindowLongW
GetWindowLongW
DialogBoxParamW
SendDlgItemMessageW
GetDlgItem
SendMessageW
ShowWindow
EnableWindow
SetWindowTextW
LoadStringW
EndDialog
LoadIconW
DestroyWindow

msvcrt

_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
__getmainargs
memset
_ultow
??2@YAPAXI@Z
_vsnwprintf
??3@YAXPAX@Z
_controlfp
_cexit

shell32

ShellExecuteW
CommandLineToArgvW

shlwapi

StrCmpNIW

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 898B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7cae841724aac4485d1a064d5f0e471f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

shell32

shlwapi

Sections

.text Size: 8KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 896B

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 1024B - Virtual size: 898B

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 896B

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 1024B - Virtual size: 898B

.UPX0
Size: 108KB - Virtual size: 260KB