433baea53cf0824d9517257341df7101_JaffaCakes118

General

Target

433baea53cf0824d9517257341df7101_JaffaCakes118
Size

43KB
MD5

433baea53cf0824d9517257341df7101
SHA1

971edcaa488a5de8286174e56a97c6ba2e51e75b
SHA256

053d1fa07b99489c183e7a3f8072cc8b323601489bd86a1b03a4216ac7d54bca
SHA512

10fe97defc40f53dfe1cc60f1eb2d0979acf674def94649d89c05f80a73c3019a0e8fab8ec8d59a11941fa2e172dcfa40fa85c55750473922f0ab47dd3d31bd0
SSDEEP

384:cHoohknWeesIF26R6bkUos0aisuDsUvkqLgACKkInemr:ywWXsIEz4NaisuTvbL/Xnem

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
433baea53cf0824d9517257341df7101_JaffaCakes118

Files

433baea53cf0824d9517257341df7101_JaffaCakes118
.exe windows:4 windows x86 arch:x86

749342a7f223fb3357978a3e37efe908

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteProcessMemory
VirtualAllocEx
GetCurrentProcess
GetModuleHandleA
CreateProcessA
CloseHandle
OpenProcess
GetProcessHeap
HeapFree
HeapAlloc
Module32Next
GetThreadContext
CreateToolhelp32Snapshot
Process32Next
Process32First
GetVersionExA
GetVolumeInformationA
LoadLibraryA
FreeLibrary
GetProcAddress
ExitProcess
Sleep
SetThreadContext
ResumeThread
Module32First
WaitForSingleObject
GetStringTypeW
GetStringTypeA
HeapSize
SetStdHandle
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
GetLocaleInfoA
SetFilePointer
GetFileType
SetHandleCount
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FlushFileBuffers

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameA
GetModuleInformation

wininet

InternetOpenA
InternetConnectA
FtpPutFileA
InternetCloseHandle

ws2_32

Sections

UPX0
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

749342a7f223fb3357978a3e37efe908

Headers

File Characteristics

Imports

kernel32

advapi32

psapi

wininet

ws2_32

Sections

UPX0 Size: 40KB - Virtual size: 40KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 40KB - Virtual size: 40KB

.avc
Size: 2KB - Virtual size: 4KB