64cd45a56960d5893bbd00cc0526bd59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64cd45a56960d5893bbd00cc0526bd59_JaffaCakes118
Size

261KB
MD5

64cd45a56960d5893bbd00cc0526bd59
SHA1

c65f390beeb4b3a548da75576470441498d3a0ec
SHA256

b41b6200ebff01138a4ad1d1c227c7dad624ab9994ff70ef419b794f283ae7b2
SHA512

e6e5e460e252e5454a373f63584d49350ae2bee896d06b4e70738ef351e90c42a3fb5762fcc7c726885e1e674200e500a79fa8ec853e758a1a836b6145975c17
SSDEEP

6144:fayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:zCua88SEjbEwvpZBZQfZhh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64cd45a56960d5893bbd00cc0526bd59_JaffaCakes118

Files

64cd45a56960d5893bbd00cc0526bd59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

shell32

SHGetFolderPathA

msasn1

ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX

msident

DllGetClassObject

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 86KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxVhJ
Size: 4KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 131KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msasn1

msident

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 4KB

.edata Size: 86KB - Virtual size: 134KB

.gxVhJ Size: 4KB - Virtual size: 943KB

.data Size: 8KB - Virtual size: 255KB

.edata Size: 131KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX1
Size: 7KB - Virtual size: 7KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 4KB

.edata
Size: 86KB - Virtual size: 134KB

.gxVhJ
Size: 4KB - Virtual size: 943KB

.data
Size: 8KB - Virtual size: 255KB

.edata
Size: 131KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 2KB