5f9d4c372a991a95a2898accd7c2f4df_JaffaCakes118

General

Target

5f9d4c372a991a95a2898accd7c2f4df_JaffaCakes118
Size

54KB
MD5

5f9d4c372a991a95a2898accd7c2f4df
SHA1

4b7653445b388f5af7aec96acfe3cadabcb9939d
SHA256

07a33b926cb6ddef11e2e0ceb341f35abdfe8fc699205000d9fdcd4aefa2851b
SHA512

07c49331a1a7676d66eee9b74ec772f44014ab7acaf2b731e0ba8be604fa7933fe9d1d6b5103153c5c74ad6731577f4497662362e05ad9303319468db711d858
SSDEEP

768:zMUtpocVl1LZdt2AyhRQ9/oTWFD+2QQyLFlb1lltAN1+gGbj8J:zMUvD1dUIoyQFLFxzlt4lGEJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f9d4c372a991a95a2898accd7c2f4df_JaffaCakes118

Files

5f9d4c372a991a95a2898accd7c2f4df_JaffaCakes118
.exe windows:4 windows x86 arch:x86

889c30498ba0188b9e3dd1f5f9481858

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CreateProcessA
GetCommandLineA
FreeLibrary
lstrcmpiA
LoadLibraryA
lstrcatA
GetTempPathA
SetFileAttributesA
WriteFile
SetFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
CreateMutexA
MoveFileA
GetFileAttributesA
lstrcpynA
LockFile
GetFileTime
GetWindowsDirectoryA
ExpandEnvironmentStringsA
OpenProcess
TerminateProcess
ReadFile
lstrcmpA
VirtualQuery
GetCurrentProcess
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThread
SetThreadPriority
GetThreadPriority
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
GetCurrentProcessId
GetVolumeInformationA
CreateFileA
GetVersionExA
GetSystemDirectoryA
SetErrorMode
GetModuleFileNameA
SetUnhandledExceptionFilter
GetTickCount
lstrlenA
lstrcpyA
Sleep
CloseHandle
CreateThread
GetModuleHandleA
GetFileSize
ExitProcess

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetFileSecurityA
RegSetKeySecurity
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
AllocateAndInitializeSid

user32

GetAncestor
GetWindowThreadProcessId
GetWindowTextA
PostMessageA
EnumChildWindows
EnumWindows
wsprintfA

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

889c30498ba0188b9e3dd1f5f9481858

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.rsrc Size: 3KB - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB