6880d2f11220bad5877168f71e3cf580_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6880d2f11220bad5877168f71e3cf580_JaffaCakes118
Size

35KB
MD5

6880d2f11220bad5877168f71e3cf580
SHA1

d412286f5a92275fcd905c646a256b09013f619c
SHA256

2d0800d4613524fe221537eb30c0b985eae849561170e76b1869f0c42f462464
SHA512

a543745e3f07aa8597b081715b367f977744b4b85636ff9112e833f73791ad30be1a7acf69013c0c1858280b034cb492b3119e6d058167c4aeb050ca7a346f68
SSDEEP

768:dFWdngLdbaewkOzoQOCN/l5ezwFoi51sB/pXY/RNKd8Lr/:dXBblwkcory3eIRsDXY/X2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
6880d2f11220bad5877168f71e3cf580_JaffaCakes118
unpack001/out.upx

Files

6880d2f11220bad5877168f71e3cf580_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 84KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@_virt_alloc
@_virt_commit
@_virt_decommit
@_virt_release
@_virt_reserve
_CLOCALE
_CMonetary
_CNumeric
_CTimeDate
__C0argc
__C0argv
__C0environ
__ErrorExit
__ErrorMessage
__ErrorMessageHelper
__ExcRegPtr
___CRTL_MEM_CheckBorMem
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_Revector
___DOSerror
___ErrorMessage
___IOerror
___NTerror
___allocated
___eof
___errno
___fputn
___isatty
___isatty_osfhandle
___locale
___lseek
___org__expand
___org__fgetc
___org__msize
___org__read
___org__rtl_read
___org__rtl_write
___org__write
___org_calloc
___org_fflush
___org_fgetc
___org_fputc
___org_fputs
___org_free
___org_malloc
___org_memchr
___org_memcpy
___org_memmove
___org_memset
___org_perror
___org_strlen
___pCallAtExitProcs
___read
___write
__allocbuf
__argc
__bormm_pfn_FreeMem
__bormm_pfn_GetMem
__bormm_pfn_HeapAddRef
__bormm_pfn_HeapRelease
__bormm_pfn_ReallocMem
__c_exit
__cexit
__cfinfo_get
__cleanup
__create_shmem
__dll_table
__dosErrorToSV
__doserrno
__dup_handle
__exe_table
__exit
__exit_streams
__exitbuf
__exitfopen
__exitopen
__expand
__fgetc
__firstHeap
__flushout
__freeStart
__free_handle
__free_heaps
__get_handle
__getmbcp
__handles
__heap_redirector
__initMBCSTable
__init_exit_proc
__init_handles
__init_streams
__internal_free
__internal_free_heaps
__internal_malloc
__internal_realloc
__isWindows
__kalpha
__kpunct
__lastHeap
__linktable
__lldiv
__llmod
__llmul
__llshl
__llshr
__lludiv
__llumod
__llushr
__mbcsCodePage
__mbctype
__mbsrchr
__messagefile
__messagefunc
__msize
__nfile
__nv_heap_size
__openfd
__oscmd
__osenv
__ostype
__phys_avail
__pidtab
__read
__rover
__rtl_read
__rtl_write
__setmbcp
__smalloc_threshold
__stkbase
__streams
__sys_errlist
__sys_nerr
__terminate
__virt_chunk_free
__virt_chunk_free2
__virt_chunk_size
__virt_chunk_size2
__virt_heap_size
__wC0argv
__wC0environ
__woscmd
__wosenv
__write
__xfflush
_absol
_add
_big_to_bytes
_bigbits
_brand
_bytes_to_big
_calloc
_cinnum
_cinstr
_compare
_convert
_copy
_cotnum
_cotstr
_decr
_denom
_divide
_divisible
_dlconv
_double_inverse
_ecp_memalloc
_ecp_memkill
_epoint_free
_epoint_init
_epoint_init_mem
_epoint_init_mem_variable
_errno
_exit
_expb2
_exsign
_fflush
_fgetc
_fit
_fpack
_fputc
_fputs
_free
_get_mip
_getdig
_hamming
_igcd
_incr
_init_big_from_rom
_init_point_from_rom
_innum
_insign
_instr
_irand
_isqrt
_kill_monty
_lgconv
_logb2
_mad
_malloc
_memalloc
_memchr
_memcpy
_memkill
_memmove
_memset
_mirexit
_mirkill
_mirsys
_mirvar
_mirvar_mem
_mirvar_mem_variable
_mr_alloc
_mr_berror
_mr_first_alloc
_mr_free
_mr_lent
_mr_lzero
_mr_mip
_mr_naf_window
_mr_notint
_mr_padd
_mr_pmul
_mr_psub
_mr_sdiv
_mr_setbase
_mr_shift
_mr_shiftbits
_mr_testbit
_mr_track
_mr_window
_mr_window2
_muldiv
_muldvd
_muldvd2
_muldvm
_multi_inverse
_multiply
_negify
_normalise
_nres
_nres_dotprod
_nres_double_inverse
_nres_double_modadd
_nres_double_modsub
_nres_lazy
_nres_modadd
_nres_moddiv
_nres_modmult
_nres_modsub
_nres_multi_inverse
_nres_negate
_nres_powltr
_nres_powmod
_nres_powmod2
_nres_powmodn
_nres_premult
_numdig
_numer
_otnum
_otstr
_perror
_point_at_infinity
_powltr
_powmod
_powmod2
_powmodn
_premult
_prepare_monty
_putdig
_recode
_redc
_remain
_set_io_buffer_size
_set_user_function
_sftbit
_sgcd
_size
_strlen
_subdiv
_subdivisible
_subtract
_uconvert
_xgcd
_zero

Sections

CODE
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EXITDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 84KB

UPX1 Size: 33KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 52KB - Virtual size: 52KB

DATA Size: 31KB - Virtual size: 32KB

INITDATA Size: 512B - Virtual size: 4KB

EXITDATA Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 6KB - Virtual size: 8KB

.reloc Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 84KB

UPX1
Size: 33KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 4KB

CODE
Size: 52KB - Virtual size: 52KB

DATA
Size: 31KB - Virtual size: 32KB

INITDATA
Size: 512B - Virtual size: 4KB

EXITDATA
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 6KB - Virtual size: 8KB

.reloc
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB