4d806fb419d53b43777f01d468fcfd20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4d806fb419d53b43777f01d468fcfd20_JaffaCakes118
Size

124KB
MD5

4d806fb419d53b43777f01d468fcfd20
SHA1

618c85308128bd40069a8a973ae5b1e0047505e8
SHA256

b93f32194c791e362e9f96166de4d84d05829bd520a78720996c92dfadd0f6b1
SHA512

092f9f69d22fbfffe0ececc647a74de94345b3695a979ebf98b82985e14936fb74573f241852c9ac60531822086df8d263a8ab57485461ac9c0607bb358b434f
SSDEEP

1536:f0WaFZ9GXlEUF1uF/kqURzZY4bqne2v1co0U6OhBGW7Y2yKu7sTDyPt:MWQslnzS6ulvb0UhhkW79yHYPot

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d806fb419d53b43777f01d468fcfd20_JaffaCakes118

Files

4d806fb419d53b43777f01d468fcfd20_JaffaCakes118
.exe windows:6 windows x86 arch:x86

3f6e8e851bc3d7f5d00245b1eb972659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

gpupdate.pdb

Imports

advapi32

InitiateSystemShutdownExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

kernel32

Sleep
LocalAlloc
LocalReAlloc
HeapSetInformation
InterlockedExchange
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetThreadUILanguage
GetModuleHandleW
GetCurrentProcess
LocalFree
CloseHandle
CreateThread
WaitForMultipleObjects
GetLastError
GetConsoleOutputCP
FormatMessageW
lstrlenW

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_ultow
_wsetlocale
towupper
getwchar
wprintf
wcstol
_wcsnicmp
_wcsicmp
_vsnwprintf

user32

ExitWindowsEx
LoadStringW

userenv

ForceSyncFgPolicy

ntdll

NtQueryInformationToken
RtlLengthSid
RtlCopySid
RtlConvertSidToUnicodeString

gpapi

ord115

wevtapi

EvtFormatMessage
EvtNext
EvtOpenPublisherMetadata
EvtClose
EvtQuery

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f6e8e851bc3d7f5d00245b1eb972659

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

userenv

ntdll

gpapi

wevtapi

Sections

.text Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB