67a5c9571a4cb153cbf7a69407be345f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

67a5c9571a4cb153cbf7a69407be345f_JaffaCakes118
Size

149KB
MD5

67a5c9571a4cb153cbf7a69407be345f
SHA1

04ee7fea347a1c52eef71f153dc9a3aca6094fea
SHA256

82afdbe02affa9d7c4caa2ccd28df116def08e19f0ee68cec59ad077fb3ee399
SHA512

37c04bed87a7a476fe27f059ddb54bfdc515ec7d691ceaa3904f04930836d9a24b908c9963afb245d28fc58fc6250d19a2d59248a6f934db0574ea8cdfe0116f
SSDEEP

3072:mJMwiQMpC6Pat9Ik61G0NiJIfGi2o3I+VHmzHa05KyX2uMqzHGFaH/1V:mJVMMfGvXiJIOi2RkmraK2uFhH9V

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
67a5c9571a4cb153cbf7a69407be345f_JaffaCakes118

Files

67a5c9571a4cb153cbf7a69407be345f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc4e4fe3194debd4a7e8f7f20665e2b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\botloader\fldr\pdb\fldr.pdb

Imports

ntdll

memcpy
strstr
NtFlushKey
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
NtOpenKey
NtCreateKey
NtSetValueKey
NtQueryValueKey
strncat
RtlUnwind
NtQueryVirtualMemory
_snprintf
_snwprintf
RtlInitUnicodeString
memset
NtWaitForSingleObject

kernel32

GetVersionExA
GetComputerNameA
GlobalMemoryStatus
GetVolumeInformationA
GetTickCount
ExpandEnvironmentStringsW
GetTempPathW
LocalFree
Sleep
GetModuleFileNameW
WaitForSingleObject

ws2_32

__WSAFDIsSet
inet_addr
WSAStartup
socket
setsockopt
closesocket
htons
connect
send
select
recv

advapi32

OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc4e4fe3194debd4a7e8f7f20665e2b7

Headers

File Characteristics

PDB Paths

Imports

ntdll

kernel32

ws2_32

advapi32

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.UPX0 Size: 1KB - Virtual size: 1KB

.UPX1 Size: 116KB - Virtual size: 115KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.UPX0
Size: 1KB - Virtual size: 1KB

.UPX1
Size: 116KB - Virtual size: 115KB

.reloc
Size: 2KB - Virtual size: 2KB