4248898f8d04f0b61bf2ac0e52422b93_JaffaCakes118

General

Target

4248898f8d04f0b61bf2ac0e52422b93_JaffaCakes118
Size

126KB
MD5

4248898f8d04f0b61bf2ac0e52422b93
SHA1

dbb255c95647aa1ffea5543bf95979ae0b1aad97
SHA256

17409e0c7dba2191bee43b1c1dabbdeb9572f16959865b16fbb45ed8187bd8b3
SHA512

42e6a259fa12de7cde27170ff1ee81863b33b8bb0077abad0310d1b9316676505db3c9a0d152923da4ebec07335fea5033023c1c97e6828b4971ca0024ca69f7
SSDEEP

3072:o3GWcEv5PkvBIXqSaHOKB7Ux+R4jFeAru9Sk6IIqJGuHl6:o3GSFk5R7uSw926IIqP6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4248898f8d04f0b61bf2ac0e52422b93_JaffaCakes118

Files

4248898f8d04f0b61bf2ac0e52422b93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

942ca7e2daece5d2e34b28410d793e5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wtoi
wcstok
_iob
vswprintf
vfwprintf
wcscpy
wcslen
_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
setlocale
malloc
exit
free
_wcsupr
wcscmp
_wcsicmp
swprintf

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteValueW
RegConnectRegistryW
RegOpenKeyExW
RegCloseKey

kernel32

DeviceIoControl
GetModuleHandleA
GetCommandLineW
lstrcpyW
GetUserDefaultUILanguage
GetThreadLocale
GetConsoleOutputCP
GetLocaleInfoW
GetSystemDefaultLCID
SetThreadLocale
GetLastError
FindFirstVolumeW
CreateFileW
CloseHandle
FindNextVolumeW
FindVolumeClose
GetVersionExW
GetStdHandle
GetFileType
WriteConsoleW
GetModuleHandleW

user32

LoadStringW

ntdll

NtOpenFile
RtlInitUnicodeString
NtQuerySystemInformation
RtlUnicodeStringToInteger
NtClose

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

942ca7e2daece5d2e34b28410d793e5b

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 7KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 7KB

.UPX0
Size: 108KB - Virtual size: 260KB