5f26ee36bd1a48541a8989dea7b1dd69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f26ee36bd1a48541a8989dea7b1dd69_JaffaCakes118
Size

156KB
MD5

5f26ee36bd1a48541a8989dea7b1dd69
SHA1

e9415973c557992c7a126e6a7e30d33f4323cc72
SHA256

e22c9510a46edb4dedccf1bc2a2740cbce4caa9d5e63d550a174c629fcdcdc08
SHA512

77957dab01dbd11f469829d1dc0d3c1c88b17f232d9df1ad1c4d6aa88c773ccb98c3bb42be849e1c12f46d31eade6b9976b162e763261d6be16e5acbe44cee69
SSDEEP

3072:UP6DvEpS30c3+IE7h2M+S3vhJAJVWw8W1OF3cnLSC:DDcpSaIEwM+S3S1OFUOC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f26ee36bd1a48541a8989dea7b1dd69_JaffaCakes118

Files

5f26ee36bd1a48541a8989dea7b1dd69_JaffaCakes118
.exe windows:4 windows x86 arch:x86

127367dd27cc106658c84c8f4158f58c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord151
ord77
ord148
ord44
ord17
ord124
ord170
ord67
ord152
ord8

shell32

ShellExecuteExA

ole32

StgOpenStorage
StgCreateDocfile

user32

ExitWindowsEx
MessageBoxA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

kernel32

CloseHandle
FlushFileBuffers
HeapSize
SetStdHandle
ReadFile
HeapReAlloc
InitializeCriticalSection
SetFilePointer
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualAlloc
LCMapStringA
GetLastError
MultiByteToWideChar
DeleteFileA
GetTempFileNameA
GetTempPathA
GetExitCodeProcess
WaitForSingleObject
GetSystemDirectoryA
GetCurrentProcess
GetVersionExA
LockResource
LoadResource
FindResourceExA
FreeLibrary
LoadLibraryExA
CopyFileA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
WideCharToMultiByte
LCMapStringW
GetProcAddress
TerminateProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
HeapFree
GetStringTypeA
GetStringTypeW
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetLocaleInfoA
RtlUnwind
GetACP
GetOEMCP
VirtualProtect

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

127367dd27cc106658c84c8f4158f58c

Headers

File Characteristics

Imports

msi

shell32

ole32

user32

advapi32

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 736B

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 736B

.UPX0
Size: 104KB - Virtual size: 252KB