C:\depot\Main\Utility\RunAsCurrentUser\build\RunAsCurrentUser_Release\RunAsCurrentUser.pdb
Behavioral task: behavioral1
Sample: 5e64ab1d79bcc9fa149b22d87028d74c_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 5e64ab1d79bcc9fa149b22d87028d74c_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 5e64ab1d79bcc9fa149b22d87028d74c_JaffaCakes118
Size: 272KB
MD5: 5e64ab1d79bcc9fa149b22d87028d74c
SHA1: 8ba52adb961f2affd80cfda39b4a0e809f01125e
SHA256: 9355fe4ff8b0b37a09837f8f48c774d0f8d3cd47499c8983e7a63a27d5ec2a49
SHA512: 98ee67a540db45db25c29201f9ffe576ff6b4ec7b7e8a4faf1a7e28abdfc1f4a2cb9e92848de665ff077883550fa438a98d8957e2aec7040031f99b5b8abc225
SSDEEP: 6144:3VX1vpmKgf6YdkHVnN5XXf8F3D9Aah5eYPY8keO1+e+xZSC0:fp9gf64KVfXXf8F3BAah5eoLkvAe6S
Malware Config
Signatures
- resource: sample, yara_rule: upx
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 5e64ab1d79bcc9fa149b22d87028d74c_JaffaCakes118
Files
- 5e64ab1d79bcc9fa149b22d87028d74c_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  f2f5ddf8afa0fba48f424ea6a4391efd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
userenv
LoadUserProfileA
CreateEnvironmentBlock
DestroyEnvironmentBlock
UnloadUserProfile
kernel32
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
WaitForSingleObject
OpenProcess
GetCurrentProcess
GetProcAddress
LoadLibraryA
CreateProcessA
FormatMessageA
GetSystemDefaultLangID
GetLocaleInfoW
SetFilePointer
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetStdHandle
FlushFileBuffers
LocalFree
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
IsBadReadPtr
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
TerminateProcess
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
SetUnhandledExceptionFilter
GetOEMCP
WriteFile
GetStdHandle
user32
OpenWindowStationA
CloseWindowStation
MessageBoxA
EnumWindowStationsA
EnumDesktopsA
SetProcessWindowStation
OpenDesktopA
CloseDesktop
GetUserObjectSecurity
SetUserObjectSecurity
advapi32
SetSecurityDescriptorDacl
OpenProcessToken
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessAsUserA
RevertToSelf
LookupPrivilegeValueA
AdjustTokenPrivileges
AddAccessAllowedAce
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
AddAce
GetTokenInformation
GetLengthSid
CopySid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
EqualSid
Sections
.text Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UPX0 Size: 144KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE