6760e1f1cf909fbebce437249f9356e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6760e1f1cf909fbebce437249f9356e7_JaffaCakes118
Size

153KB
MD5

6760e1f1cf909fbebce437249f9356e7
SHA1

0335a38978bddbeb3f5c858ad3e6ce74ac68d599
SHA256

bd2c035c4a36d69c9707be7188ccb7a105a61451bfa8b96ac25cfd6f1764dcb0
SHA512

b9e80b97f261827ba889c0ca2fee5784e851b508f596743765d8b7ff87856aba0b18d152a40efafd8ae8493aa45cceb7715025bd40dd48a9ba9793d982d0ad3a
SSDEEP

1536:cOg9u75XorTxUR5cTUB36gKCNk6F/qt378ZDUP3hXD4kKooqaJGCevsNvi:cJuNXMSR5R3XNkttOEKOoqaJAv+i

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6760e1f1cf909fbebce437249f9356e7_JaffaCakes118

Files

6760e1f1cf909fbebce437249f9356e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d1ecff23101d1c678acd240d26072cb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
WriteFile
LockResource
CreateFileA
LoadResource
SizeofResource
FindResourceA
Sleep
GetCurrentProcess
CopyFileA
SetFileAttributesA
CreateProcessA
lstrlenA
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetVersion
GetModuleFileNameA
GetSystemDirectoryA
ExitProcess
CloseHandle
GetLastError
DeleteFileA
GetLogicalDriveStringsA
CreateMutexA

advapi32

RegSetValueExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA

mfc42

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

_initterm
__getmainargs
_acmdln
exit
__setusermatherr
_exit
??1type_info@@UAE@XZ
_onexit
_setmbcp
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_XcptFilter
__CxxFrameHandler
memchr
_mbscmp
fclose
_controlfp
fseek
fread
fopen
__dllonexit

oleaut32

shlwapi

SHDeleteKeyA

urlmon

URLDownloadToFileA

user32

DrawIcon
GetSystemMenu
AppendMenuA
IsIconic
EnableWindow
EnumWindows
LoadIconA
GetSystemMetrics
SendMessageA
FindWindowA
ExitWindowsEx
SetTimer
IsWindow
GetWindowTextA
PostMessageA
GetClientRect

Sections

UPX0
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d1ecff23101d1c678acd240d26072cb5

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcp60

msvcrt

oleaut32

shlwapi

urlmon

user32

Sections

UPX0 Size: 144KB - Virtual size: 144KB

.rsrc Size: 5KB - Virtual size: 8KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 144KB - Virtual size: 144KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avc
Size: 3KB - Virtual size: 4KB