63bdbdb0463342b17157f1d4414f65d0_JaffaCakes118

General

Target

63bdbdb0463342b17157f1d4414f65d0_JaffaCakes118
Size

168KB
MD5

63bdbdb0463342b17157f1d4414f65d0
SHA1

1588c610da80a38d4975a4917a3822aefa9106bd
SHA256

3e3cd3ad35fd9c93d307dcd3281add124758f326359b5ce2c171b9e1d814b7ab
SHA512

77f8c2945210f59a0c723274a6b032600d8a2345a85bbcd1fde2ae7aded5232cac4210d6fb32862339dc676211855af9a0fdf4eb3212347ee1b4dbe9dc9a9a28
SSDEEP

3072:BWM31rFQWH5cyQ7gjloMRvCGvjh7CRGz6E/G7gFBSzusjXxurq+f1pjmDV1gOUwg:cFMhb7h7C8bGIjqXsq+dPOUwPV/q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63bdbdb0463342b17157f1d4414f65d0_JaffaCakes118

Files

63bdbdb0463342b17157f1d4414f65d0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b78fb2e28312642cc7c23f4702ae9e1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sort.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
setlocale
wcslen
qsort
strchr
_ftol
wcscoll
_wcsicoll
strcoll
_stricoll
atoi
_strnicmp
_iob
fprintf
exit

advapi32

IsTextUnicode

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForSingleObject
WideCharToMultiByte
GetTempFileNameA
GetTempPathA
GetDiskFreeSpaceA
WriteFile
SetUnhandledExceptionFilter
ResetEvent
ReadFile
GetOverlappedResult
GlobalMemoryStatusEx
GetSystemInfo
GetCPInfo
VirtualAlloc
GetStdHandle
CreateFileA
GetFileType
GetFileSize
GetConsoleMode
CreateEventA
MultiByteToWideChar
CloseHandle
HeapFree
FormatMessageA
GetModuleHandleA
GetLastError
GetProcessHeap
HeapAlloc

ntdll

RtlMultiByteToUnicodeN
RtlUnicodeToOemN

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b78fb2e28312642cc7c23f4702ae9e1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 9KB

.rsrc Size: 10KB - Virtual size: 9KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 9KB

.rsrc
Size: 10KB - Virtual size: 9KB

UPX0
Size: 144KB - Virtual size: 380KB