49973efdbee3616b7ddf211a696eb31a_JaffaCakes118

General

Target

49973efdbee3616b7ddf211a696eb31a_JaffaCakes118
Size

290KB
MD5

49973efdbee3616b7ddf211a696eb31a
SHA1

e76d7168d4ae4e3675ff6ca37e41f3cf148c2389
SHA256

1b9a88f941355815d3ba68da2116d23bb9f96023d2200c8bcb20317eee462f82
SHA512

186e900296ecce524109d07dc4d4eb56fbf8e20e02d2952fa341a11b6ac1f686be37fd30a61a165135d4fb03fad8e94d0e679bcf76dcf8bad42a67de0302dcac
SSDEEP

6144:a2hs7JLLxr4U17dCBy7YnH0j0gcDJ8XqnmWZQ0Ejj7HzEyA:a2hsHD3CBy7YH0jcDwWZQ0EjPA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49973efdbee3616b7ddf211a696eb31a_JaffaCakes118

Files

49973efdbee3616b7ddf211a696eb31a_JaffaCakes118
.exe windows:6 windows x86 arch:x86

a170146aae3dd46f8fc39bae9fd66d3e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

MOVIEMK.pdb

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcessId
GetCommandLineW
HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

user32

AllowSetForegroundWindow

msvcrt

_adjust_fdiv
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
__p__fmode
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
__setusermatherr
__p__commode
__set_app_type

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 778B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a170146aae3dd46f8fc39bae9fd66d3e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

Sections

.text Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 139KB - Virtual size: 139KB

.reloc Size: 1024B - Virtual size: 778B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 139KB - Virtual size: 139KB

.reloc
Size: 1024B - Virtual size: 778B

UPX0
Size: 144KB - Virtual size: 380KB