5b39f80f05e29c9d83634cf8961a0416_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b39f80f05e29c9d83634cf8961a0416_JaffaCakes118
Size

770KB
MD5

5b39f80f05e29c9d83634cf8961a0416
SHA1

a21ce5f32ad2d94fcbc16849530997b272bc43d4
SHA256

24bdb409a4b8c88687edf9b339a0848756131b4b1153534a514f34692bfef00c
SHA512

073be5bfcabf88fbd2b95acf88ddaf8b483fd7babfb2ee681768bde6f473519858720725d506a2a1635c2e0e066b55d65e0ba7c49c4a1ee3820d5f8343b923d8
SSDEEP

24576:MrOTGjvthUXBT64laDMgbh/Vssijscl4Hk:Q7Dt2XFYDMgbVis6lqHk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b39f80f05e29c9d83634cf8961a0416_JaffaCakes118

Files

5b39f80f05e29c9d83634cf8961a0416_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5a281e0c352026658b9d20de2933274c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

WaitForSingleObject
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

ScrollWindow
MessageBoxA

advapi32

RegEnumValueA

oleaut32

VariantClear

mpr

WNetGetUserA

version

VerQueryValueA

gdi32

IntersectClipRect

comctl32

ImageList_Destroy

shell32

ShellExecuteA

wininet

InternetReadFile

winmm

waveInStart

netapi32

Netbios

wsock32

WSAAsyncSelect

avicap32

capCreateCaptureWindowA

msvfw32

DrawDibOpen

urlmon

URLDownloadToFileA

ws2_32

WSAStartup

Sections

CODE
Size: - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 20B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 758KB - Virtual size: 758KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5a281e0c352026658b9d20de2933274c

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

mpr

version

gdi32

comctl32

shell32

wininet

winmm

netapi32

wsock32

avicap32

msvfw32

urlmon

ws2_32

Sections

CODE Size: - Virtual size: 608KB

DATA Size: - Virtual size: 31KB

BSS Size: - Virtual size: 27KB

.idata Size: - Virtual size: 11KB

.tls Size: - Virtual size: 20B

.rdata Size: - Virtual size: 24B

.reloc Size: - Virtual size: 39KB

.rsrc Size: 10KB - Virtual size: 34KB

.UPX0 Size: - Virtual size: 389KB

.UPX1 Size: 758KB - Virtual size: 758KB

.reloc Size: 512B - Virtual size: 204B

CODE
Size: - Virtual size: 608KB

DATA
Size: - Virtual size: 31KB

BSS
Size: - Virtual size: 27KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 20B

.rdata
Size: - Virtual size: 24B

.reloc
Size: - Virtual size: 39KB

.rsrc
Size: 10KB - Virtual size: 34KB

.UPX0
Size: - Virtual size: 389KB

.UPX1
Size: 758KB - Virtual size: 758KB

.reloc
Size: 512B - Virtual size: 204B