64d424fbeb1fa83ebe3461b37f4ac30e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64d424fbeb1fa83ebe3461b37f4ac30e_JaffaCakes118
Size

275KB
MD5

64d424fbeb1fa83ebe3461b37f4ac30e
SHA1

9cad5bea527a7ac5c12085621b9845eb78d0fbe7
SHA256

ace93b104cc3e6b90fd83621ce0b52acbd8a188de43a2f4eb8ae13964af1a24a
SHA512

4f347cb9033a6e2ccec6eb473f86e4f37890ff2b5019f93895967fd3bd84655cb935fe1442b87938772296a18bbe9408d762c803f374894588db258eaff1152e
SSDEEP

3072:JlnVltjYHSdUH/krZSjz61lSAlXer8u4V4FrdXVx2rnzDTaSuFXM2MblGi9F6e7E:FYi9rkjWJduqyFKrzDTaQ2KlGiX76j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64d424fbeb1fa83ebe3461b37f4ac30e_JaffaCakes118

Files

64d424fbeb1fa83ebe3461b37f4ac30e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockopt
inet_ntoa
__WSAFDIsSet
bind
WSAGetLastError
getsockname
gethostbyname
listen
ntohs
connect
htons
socket
recv
send
select
WSAStartup
closesocket

kernel32

GetFullPathNameA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetVersion
InitializeCriticalSection
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
HeapCreate
MultiByteToWideChar
GetCurrentThreadId
TlsAlloc
GetStringTypeA
GetStringTypeW
RaiseException
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
GetCPInfo
GetACP
GetLocalTime
GetProcAddress

loadperf

InstallPerfDllA
UpdatePerfNameFilesA
BackupPerfRegistryToFileW

wshtcpip

WSHSetSocketInformation
WSHAddressToString

Sections

UPX1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fCVqJZ
Size: 1024B - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 95KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cb
Size: 2KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 1024B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wr
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

Imports

wsock32

kernel32

loadperf

wshtcpip

Sections

UPX1 Size: 3KB - Virtual size: 3KB

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 9KB

.fCVqJZ Size: 1024B - Virtual size: 121KB

.edata Size: 95KB - Virtual size: 150KB

.cb Size: 2KB - Virtual size: 118KB

.data Size: 8KB - Virtual size: 338KB

.edata Size: 121KB - Virtual size: 146KB

.i Size: 1024B - Virtual size: 138KB

.wr Size: 1KB - Virtual size: 281KB

.rsrc Size: 25KB - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 9KB

.fCVqJZ
Size: 1024B - Virtual size: 121KB

.edata
Size: 95KB - Virtual size: 150KB

.cb
Size: 2KB - Virtual size: 118KB

.data
Size: 8KB - Virtual size: 338KB

.edata
Size: 121KB - Virtual size: 146KB

.i
Size: 1024B - Virtual size: 138KB

.wr
Size: 1KB - Virtual size: 281KB

.rsrc
Size: 25KB - Virtual size: 24KB