48ed04f1d536bc46af52e3f1d066543c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48ed04f1d536bc46af52e3f1d066543c_JaffaCakes118
Size

182KB
MD5

48ed04f1d536bc46af52e3f1d066543c
SHA1

4a5cd89218fa4a8e4776aeee8f1bcb385509ed34
SHA256

15f1fbca6ea9751c273feba683b8661a9ad18c49439f45af51c517e1d57150a9
SHA512

b465332ca3d610553c66c7d70165835e1bf3a90e897fe91414e33f220633fd3f8b95601b074cb11322398b54478114e7c9acfd804dcc48e44af3f0a7eeb4a922
SSDEEP

3072:18MFf6gKqRoyOXo3pqLtPiEq9HOBw7z+AnwMa3RXU7CA8BLCC7SO:18MFi9QJkvAOBw7KAnOe7CjBLCe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48ed04f1d536bc46af52e3f1d066543c_JaffaCakes118

Files

48ed04f1d536bc46af52e3f1d066543c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

97fd792bdd50a2170770e77e62b2b402

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
SetEnvironmentVariableA
GetEnvironmentVariableA
ReleaseMutex
GetCommandLineA
Sleep
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentProcessId
CreateThread
CloseHandle
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
GetCurrentThreadId
GetExitCodeProcess
ContinueDebugEvent
ReadProcessMemory
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
VirtualProtectEx
WriteProcessMemory
GetThreadContext
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
FlushFileBuffers
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
CreateProcessA
GetCurrentThread
SetThreadPriority
GetVersionExA
LoadLibraryA
GetLastError
GetProcAddress
VirtualAlloc
VirtualProtect
GetModuleHandleA
RtlUnwind
GetVersion
ExitProcess
HeapFree
HeapAlloc

user32

WaitForInputIdle
PostThreadMessageA
GetMessageA
IsWindow
PeekMessageA
TranslateMessage
DispatchMessageA
BeginPaint
EndPaint
KillTimer
LoadCursorA
RegisterClassA
GetAsyncKeyState
GetSystemMetrics
CreateWindowExA
SetTimer
PostMessageA
MessageBoxA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
FindWindowA
SendMessageA
DestroyWindow
DefWindowProcA

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97fd792bdd50a2170770e77e62b2b402

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

UPX0 Size: - Virtual size: 36KB

UPX1 Size: - Virtual size: 28KB

UPX2 Size: - Virtual size: 4KB

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 18KB

.pdata Size: 104KB - Virtual size: 100KB

UPX0
Size: - Virtual size: 36KB

UPX1
Size: - Virtual size: 28KB

UPX2
Size: - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 18KB

.pdata
Size: 104KB - Virtual size: 100KB