5b86ae99ca7f022379cf7dc9cf59193e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b86ae99ca7f022379cf7dc9cf59193e_JaffaCakes118
Size

275KB
MD5

5b86ae99ca7f022379cf7dc9cf59193e
SHA1

dbba1d0d9ceb7e29366a1b8a75d552b6aff2439c
SHA256

bba95ca76e1a945a4bdecd041708c64e38c3c96190a5f803ac10e64bf64dba0f
SHA512

bc5adb34219ab558dbf1f99630e1d4be70ff617e1b97a56c04dacc90ab36cc3055f8ae97cd36c85afe9b1886aaee89dddec5db004088872713a5be064c7c1a59
SSDEEP

3072:9lnVltjYHSdUH/krZSjz61lSAlXer8u4V4FrdXVx2rnzDTaSuFXM2MblGi9F6e7E:hYi9rkjWJduqyFKrzDTaQ2KlGiX76j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b86ae99ca7f022379cf7dc9cf59193e_JaffaCakes118

Files

5b86ae99ca7f022379cf7dc9cf59193e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockopt
inet_ntoa
__WSAFDIsSet
bind
WSAGetLastError
getsockname
gethostbyname
listen
ntohs
connect
htons
socket
recv
send
select
WSAStartup
closesocket

kernel32

GetFullPathNameA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetVersion
InitializeCriticalSection
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
HeapCreate
MultiByteToWideChar
GetCurrentThreadId
TlsAlloc
GetStringTypeA
GetStringTypeW
RaiseException
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
GetCPInfo
GetACP
GetLocalTime
GetProcAddress

loadperf

InstallPerfDllA
UpdatePerfNameFilesA
BackupPerfRegistryToFileW

wshtcpip

WSHSetSocketInformation
WSHAddressToString

Sections

UPX1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fCVqJZ
Size: 1024B - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 95KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cb
Size: 2KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 1024B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wr
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

Imports

wsock32

kernel32

loadperf

wshtcpip

Sections

UPX1 Size: 3KB - Virtual size: 3KB

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 9KB

.fCVqJZ Size: 1024B - Virtual size: 121KB

.edata Size: 95KB - Virtual size: 150KB

.cb Size: 2KB - Virtual size: 118KB

.data Size: 8KB - Virtual size: 338KB

.edata Size: 121KB - Virtual size: 146KB

.i Size: 1024B - Virtual size: 138KB

.wr Size: 1KB - Virtual size: 281KB

.rsrc Size: 25KB - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 9KB

.fCVqJZ
Size: 1024B - Virtual size: 121KB

.edata
Size: 95KB - Virtual size: 150KB

.cb
Size: 2KB - Virtual size: 118KB

.data
Size: 8KB - Virtual size: 338KB

.edata
Size: 121KB - Virtual size: 146KB

.i
Size: 1024B - Virtual size: 138KB

.wr
Size: 1KB - Virtual size: 281KB

.rsrc
Size: 25KB - Virtual size: 24KB