5fe8f0bcf40708bda327d45c795d23d2_JaffaCakes118

General

Target

5fe8f0bcf40708bda327d45c795d23d2_JaffaCakes118
Size

99KB
MD5

5fe8f0bcf40708bda327d45c795d23d2
SHA1

8738abfca8a568d5aa284499d6b1d7a0b718a6c8
SHA256

b070b01c4fa2191bab690ae179d93e0a576ab0e7fc78e42f4b28c5b3a03be2b7
SHA512

22504ebdd0194e6fceafd8489dfc0e154c284ceca036c9e90aef5a47b5e35dc3d1c6030da6d630f80f6f366a04d27c7588e02a7a4fbe4f61d1897ec367c29aae
SSDEEP

768:SR4ot74z/iJtY/4ES1imyHJyj1D55IEAT6fiPm19aBHtEOF1fPgUTaXRXu:SR+qJCiiNHsHZiu1mSc13g7B+

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5fe8f0bcf40708bda327d45c795d23d2_JaffaCakes118

Files

5fe8f0bcf40708bda327d45c795d23d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ffb9cacb144081324445a8ea1727ac7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
GetLocaleInfoA
LCMapStringW
LCMapStringA
SetStdHandle
VirtualQuery
InterlockedExchange
RtlUnwind
VirtualAlloc
HeapSize
HeapReAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCPInfo
GetSystemInfo
GetACP
GetLocalTime
CloseHandle
WriteFile
GetTickCount
CreateFileA
Sleep
GetComputerNameA
GetVersionExA
GlobalMemoryStatus
TerminateThread
CreateProcessA
CreateThread
GetLastError
CreateMutexA
GetProcAddress
LoadLibraryA
GetOEMCP
TerminateProcess
GetStringTypeW
MultiByteToWideChar
ExitProcess
GetModuleHandleA
FlushFileBuffers
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
SetFilePointer
HeapAlloc
GetStringTypeA

advapi32

GetUserNameA

shell32

ShellExecuteA

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

ws2_32

Sections

UPX0
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ffb9cacb144081324445a8ea1727ac7a

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wininet

ws2_32

Sections

UPX0 Size: 96KB - Virtual size: 96KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 96KB - Virtual size: 96KB

.avc
Size: 2KB - Virtual size: 4KB