44a0a7f6e2e3bc0d03cdc0535c3a8597_JaffaCakes118

General

Target

44a0a7f6e2e3bc0d03cdc0535c3a8597_JaffaCakes118
Size

2.1MB
MD5

44a0a7f6e2e3bc0d03cdc0535c3a8597
SHA1

7400025741e908d704abe58825c7ce6599ad139e
SHA256

bb444fe0b3f0ed47249369dd9d7d210e8347437646153058c4e4d5599d56b6f6
SHA512

f5d3f8b968b0a506050319b3f88d0908be08ca906d5062fafe570a867df13716a8b2f3f03b4c8c7446fe6dcbf21e802a9dbf1805dad24a639df306361a151177
SSDEEP

3072:OSBzFthwVDl392hXcvoUxAK/QwG+cWP61lzU8EQIHT6MFOeV9Gc:XzFOoUoLU8EQIHT6MFNzL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44a0a7f6e2e3bc0d03cdc0535c3a8597_JaffaCakes118

Files

44a0a7f6e2e3bc0d03cdc0535c3a8597_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62802ba94ecccbbc6450ce32bfdfa90e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
__vbaEnd
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
__vbaStrFixstr
__vbaFPFix
__vbaRefVarAry
__vbaFpR8
_CIsin
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaVarTstEq
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFPException
__vbaInStrVar
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaLsetFixstrFree
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
__vbaNew2
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
__vbaVarTstNe
__vbaI4Var
__vbaLateMemCall
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
__vbaVarCopy
__vbaRecDestructAnsi
_CIatan
__vbaStrMove
__vbaCastObj
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

UPX0
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

62802ba94ecccbbc6450ce32bfdfa90e

Headers

File Characteristics

Imports

msvbvm60

Sections

UPX0 Size: 2.1MB - Virtual size: 2.1MB

.rsrc Size: 1KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 2.1MB - Virtual size: 2.1MB

.rsrc
Size: 1KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB