5db0f31d0da6d0e3735a2773e9ac2941_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5db0f31d0da6d0e3735a2773e9ac2941_JaffaCakes118
Size

190KB
MD5

5db0f31d0da6d0e3735a2773e9ac2941
SHA1

acfbf9031612bc57d7acbd10cc7c84f505b7071c
SHA256

51207702460b10c59c5c0501eb71d5b5d4ef2ee8449cb5709f8646754330d535
SHA512

4d5e3dbb7cec88e5a2eb8eafa65878fc9f6219527b4ab5783595e0a3d9cc1de6937ea66751bc025fb0f709c825846f9d52096b9053a8a768c0d326556ef94893
SSDEEP

3072:pIvgyTIZMTSG9KutcsupN6dmaA0f7MBtvOsq1lB64CCIES0PtM10Ktg32bHbb/:6vaZ9FZbz6TolOvkf0P+iKrb7b

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5db0f31d0da6d0e3735a2773e9ac2941_JaffaCakes118

Files

5db0f31d0da6d0e3735a2773e9ac2941_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d8131f3aef1073837224d425d2f52ec4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
GetProcessHeap
EnumTimeFormatsW
GlobalAlloc
GetTimeZoneInformation
lstrlenW
SetCurrentDirectoryW
ReleaseMutex
GetDiskFreeSpaceExA
ReadConsoleOutputCharacterW
GetModuleHandleA
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
GetStringTypeW
VirtualProtect

user32

SetActiveWindow
ChangeMenuA
DlgDirSelectExA
DdeCmpStringHandles
PostMessageA
SetDlgItemTextW
RegisterClassA

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d8131f3aef1073837224d425d2f52ec4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: - Virtual size: 15KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 95KB

.UPX0 Size: - Virtual size: 56KB

.UPX1 Size: 189KB - Virtual size: 189KB

.text
Size: - Virtual size: 15KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 95KB

.UPX0
Size: - Virtual size: 56KB

.UPX1
Size: 189KB - Virtual size: 189KB