5dd40f7a82a917e18febd2ac10aa63f9_JaffaCakes118

General

Target

5dd40f7a82a917e18febd2ac10aa63f9_JaffaCakes118
Size

490KB
MD5

5dd40f7a82a917e18febd2ac10aa63f9
SHA1

897464b132e012b783e534d388e7df28ffd74b22
SHA256

83b80cb6b1aa8904fcedeb7009d03f118e570a2c3cbcd330e393367d9b12442e
SHA512

8d052cf54483689525811d14548a679eac152ec848008e12293530476728a286e384bfa4be497f781ae9dd376f8b502743c4ea03f73dc0c0dec953cf25b01e94
SSDEEP

384:M8kglvlSAalPZGDmHajLIpkqMLW8I0i6/atT9/4638+FSpjPKaHQ+K4B1Y/E/4p:fkgv4HWVS6ip9/BSpKu1Yx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dd40f7a82a917e18febd2ac10aa63f9_JaffaCakes118

Files

5dd40f7a82a917e18febd2ac10aa63f9_JaffaCakes118
.exe windows:1 windows x86 arch:x86

15d6fef9cfd7fcbf447107c4ff1ce423

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
FindFirstFileA
FindNextFileA
FormatMessageA
GetCommandLineA
GetCurrentProcessId
GetFileSize
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GetWindowsDirectoryA
CopyFileA
IsBadReadPtr
LoadLibraryA
CreateFileA
ReadFile
RtlUnwind
RtlZeroMemory
Sleep
TerminateThread
WinExec
CreateThread
DeleteFileA

advapi32

RegEnumValueA
RegCloseKey
RegOpenKeyA
RegSetValueExA

crtdll

_exit
_filelength
_fileno
__GetMainArgs
exit
fclose
fgets
fopen
fprintf
fread
free
fwrite
malloc
memcpy
printf
raise
signal
sprintf
strcat
strchr
strcmp
strcpy
strlen
strncat
strncmp
strncpy

gdi32

GetStockObject

iphlpapi

GetNetworkParams

ole32

CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize

oleaut32

SysAllocString

user32

GetWindowTextA
GetForegroundWindow
LoadCursorA
LoadIconA
SetTimer
KillTimer
RegisterClassA
MessageBoxA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
CreateWindowExA
DefWindowProcA

wsock32

WSAGetLastError
WSAStartup
closesocket
connect
gethostbyname
htons
inet_addr
ioctlsocket
ntohs
recv
select
send
socket

Sections

UPX0
Size: 488KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

15d6fef9cfd7fcbf447107c4ff1ce423

Headers

File Characteristics

Imports

kernel32

advapi32

crtdll

gdi32

iphlpapi

ole32

oleaut32

user32

wsock32

Sections

UPX0 Size: 488KB - Virtual size: 488KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 488KB - Virtual size: 488KB

.avp
Size: 2KB - Virtual size: 4KB