5ba93e9ceff21f92806086b36627c149_JaffaCakes118

General

Target

5ba93e9ceff21f92806086b36627c149_JaffaCakes118
Size

51KB
MD5

5ba93e9ceff21f92806086b36627c149
SHA1

686a67ead40958dd093910ee975961f9dff10de4
SHA256

198ca1f321308dd72ba53779d942a56450cc00bbf73d57b57668bacc93d77eca
SHA512

0d8b9c9536847bced2e6fc6ed446c50043788d3f7ef1ab190ee9eb1c2d1a39769c6f06b768c3b375bff43d4d8d6f235ddf23558ebd99e2d1cb38ce62dbc3f42d
SSDEEP

768:RxBiSUNdaW03cvIycJMqZ+6Tr4dpj2dBmRIDFEWYW9pMum2:RxZUG0vWls6Tr4Dj2dBmRkSur

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ba93e9ceff21f92806086b36627c149_JaffaCakes118

Files

5ba93e9ceff21f92806086b36627c149_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7650d1ea776ba2d3cc0c93ec59c999d1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetCurrentProcess
WriteFile
DeleteFileA
GetSystemDirectoryA
GetModuleFileNameA
CreateThread
GetLastError
CreateMutexA
OpenMutexA
GetFileSize
DeviceIoControl
lstrlenA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
CreateFileA
SetFilePointer
ReadFile
CloseHandle
GetComputerNameA
GetVolumeInformationA
GetTempPathA
Sleep
ExitProcess
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
HeapSize
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetProcAddress
TerminateProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

advapi32

RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteValueA

shell32

ShellExecuteA

user32

GetForegroundWindow
GetAsyncKeyState
GetKeyState
GetWindowTextA
wsprintfA

ws2_32

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7650d1ea776ba2d3cc0c93ec59c999d1

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

ws2_32

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.avc
Size: 2KB - Virtual size: 4KB