634e6cb9c79d81b060c376f863e54d05_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

634e6cb9c79d81b060c376f863e54d05_JaffaCakes118
Size

210KB
MD5

634e6cb9c79d81b060c376f863e54d05
SHA1

0c6937b103400b5bf068c3aec9f659ec11354373
SHA256

94834149304bb5601e7041308b11b38598183ddb8028e2f7968d00b6a5ed4d38
SHA512

146fa8e2809242bce11563040a13a467dcb72599f839cf4924ae0ebe7a9b3d07c1cc6fdb802514447e115a2575cd1f5f907cfd6eb0cb45a88c53a7d40375b16d
SSDEEP

3072:cGYN6mQU/KGp/TjGXKf7c8IDhWZDxxWbr3ieXcgVydr0IBJOdZ+JRDSuu/q12Lor:QlQUXXGXKz2hKDWfLh0Mocm/Vb9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
634e6cb9c79d81b060c376f863e54d05_JaffaCakes118

Files

634e6cb9c79d81b060c376f863e54d05_JaffaCakes118
.exe windows:4 windows x86 arch:x86

96d53cbe726033acccdb834558b71d97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
GetKernelObjectSecurity
GetSecurityDescriptorLength
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateFileA
CreateMutexA
EnterCriticalSection
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
GetConsoleMode
GetCurrentProcess
GetDriveTypeA
GetFileAttributesA
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetProcessHeap
GetVersion
GetVolumeInformationA
HeapAlloc
HeapFree
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
ReadFile
ReleaseMutex
SetConsoleMode
SetUnhandledExceptionFilter
WaitForSingleObject
lstrcmpiA
lstrcpynA
lstrlenA

msvcrt

_chmod
_close
_fdopen
_fileno
_fstat
_isatty
_mktemp
_read
_rmdir
_setmode
_spawnlp
_stat
_strupr
_unlink
_utime
__getmainargs
__isascii
__iscsym
__iscsymf
__p___mb_cur_max
__p__environ
__set_app_type
__toascii
_cexit
_errno
_fileno
_fmode
_fpreset
_get_osfhandle
_iob
_setmode
_sopen
_tzset
atexit
clearerr
exit
fclose
ferror
fflush
fgets
fopen
fprintf
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
isalpha
isspace
localtime
malloc
mblen
memcpy
mktime
perror
printf
putc
putchar
puts
qsort
realloc
rename
setlocale
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strncmp
strncpy
strrchr
time

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 303KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

96d53cbe726033acccdb834558b71d97

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 303KB

.idata Size: 3KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 303KB

.idata
Size: 3KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB