453fa6c8bfa9b17f5238541a228d04ce_JaffaCakes118

General

Target

453fa6c8bfa9b17f5238541a228d04ce_JaffaCakes118
Size

99KB
MD5

453fa6c8bfa9b17f5238541a228d04ce
SHA1

e8509d297fa307a46abd677746bd8f9d50de6359
SHA256

5e0744bf15f0c5cf7f92bed2bbc73be6f42e88e1048413f51f5ff0e9fabd4f7f
SHA512

26783bfc16ed0965e0559d56d0ab25a10036c3b6d7b4e44f607b35936ec8d2fe95b07bfb620b38ceea6748203516ada2cd4b785428bdb5df4d2debb6dcb88adc
SSDEEP

3072:MX71TVcHh5X8TWkI1sOJJJJJJJJJJJJJMHcxT5MRE:q71TVcHh5s0dJJJJJJJJJJJJJwcx19

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
453fa6c8bfa9b17f5238541a228d04ce_JaffaCakes118

Files

453fa6c8bfa9b17f5238541a228d04ce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d9539239c1e55f4e2499bba6d8c13032

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Module32First
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
MultiByteToWideChar
_lopen
ReadProcessMemory
TerminateThread
Module32Next
WinExec
SetFileAttributesA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
GetWindowsDirectoryA
CreateToolhelp32Snapshot
lstrcmpA
Process32First
Process32Next
GetComputerNameA
Sleep
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
HeapFree
HeapAlloc
GetLastError
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
ResumeThread
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
TlsAlloc
SetLastError
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
WriteFile
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InterlockedDecrement
InterlockedIncrement

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

gdi32

GetPixel

user32

GetDC
GetAsyncKeyState
GetForegroundWindow
GetKeyState
IsCharAlphaA
GetWindowThreadProcessId
GetWindowTextA
ReleaseDC

ws2_32

Sections

UPX0
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9539239c1e55f4e2499bba6d8c13032

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

user32

ws2_32

Sections

UPX0 Size: 96KB - Virtual size: 96KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 96KB - Virtual size: 96KB

.avc
Size: 2KB - Virtual size: 4KB