Behavioral task: behavioral1
Sample: 4c173439c38891603ecf52798ef673aa_JaffaCakes118.exe
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: 4c173439c38891603ecf52798ef673aa_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4c173439c38891603ecf52798ef673aa_JaffaCakes118
Size: 83KB
MD5: 4c173439c38891603ecf52798ef673aa
SHA1: e404cac9ce0c12b58d4e9add53ffb250bc7d35cf
SHA256: 7e427acbe03061ba57d2c7b2fd906179a0153178c3527c78626bff18b55c0492
SHA512: 97f96db4d031a87e1068c49cd5da5f2fac98e05cfc3ad9a89b188776839701038eba139a9b3022d595703f0a8678405ed57619af8bbcf9e70b3318fd27ae7d26
SSDEEP: 1536:OaUVYVdG7FolGA6ztJGSdm5hmT7neZRZTon6:OaU2G6GlGym5gT7eZvon6
Malware Config

Signatures
resource: sample - yara_rule: upx
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 4c173439c38891603ecf52798ef673aa_JaffaCakes118

Files
4c173439c38891603ecf52798ef673aa_JaffaCakes118.exe windows:4 windows x86 arch:x86
11d6df77771d9976b454f1a1083c8c0d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
GetProcAddress
FreeLibrary
FindFirstFileA
CopyFileA
FindNextFileA
CreateThread
lstrlenA
WinExec
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
FormatMessageA
CreateFileA
WriteFile
CloseHandle
GetTickCount
GetSystemDirectoryA
FindClose
SetEnvironmentVariableA
GetVersion
GetCommandLineA
CompareStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
SetFilePointer
GetLastError
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
CompareStringW
Sleep
WideCharToMultiByte
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetEnvironmentStringsW
VirtualFree
VirtualAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
FreeEnvironmentStringsW
HeapReAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
advapi32
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA
wsock32
bind
listen
send
gethostbyaddr
WSAStartup
inet_addr
gethostbyname
getsockname
inet_ntoa
WSACleanup
closesocket
__WSAFDIsSet
recv
ioctlsocket
select
socket
htons
sendto
connect
setsockopt
accept
Sections
UPX0 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE