68f9840ca810188c0bd6b0fd85578414_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

68f9840ca810188c0bd6b0fd85578414_JaffaCakes118
Size

1.3MB
MD5

68f9840ca810188c0bd6b0fd85578414
SHA1

ec962f8bfda125ef57477cb52fd6457ea8bdadbf
SHA256

8202dd34a73daa319f80a3524cf7e224bb521c9c4cb95825fe5ec13a660e4cd6
SHA512

9a8b4d08cf8c1ca62e2d128d9b24c2cdd633bba99935ee94d620908c4ef7d6983b36ae4496d141830b2bf057ff3baf74c256edae6382ea85ece1208d5b595a48
SSDEEP

768:OyaRobWOxwN8NEvHTt1K4fjoWbZDND1u66R3QxVaNxEha5a0:OyaRobWOxwN8NgK4LD1G5QxVx/0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
68f9840ca810188c0bd6b0fd85578414_JaffaCakes118

Files

68f9840ca810188c0bd6b0fd85578414_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d74ff484db4904644a6bb6fb24e6996b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcatA
TerminateProcess
GetModuleFileNameA
GetExitCodeThread
LocalFree
lstrcpynA
MultiByteToWideChar
CloseHandle
lstrlenA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
lstrcpyA
OutputDebugStringA
WaitForSingleObject
CreateThread
GlobalFree
WriteFile
SetFilePointer
GlobalAlloc
CreateFileA
GetStartupInfoA
GetModuleHandleA
lstrcmpA
RemoveDirectoryA
GetVersionExA
OpenProcess
DeleteFileA
GetWindowsDirectoryA
ReadFile
lstrcmpiA
CopyFileA
CreateProcessA
GetSystemDirectoryA
GetFileSize
Sleep
CreateDirectoryA

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

mfc42

msvcrt

__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__set_app_type
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
strchr
atoi
memcpy
_except_handler3
atof
_mbscmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memcmp
strstr
memset
_controlfp
__CxxFrameHandler
_CxxThrowException

ole32

CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
OleRun
CoInitialize

oleaut32

rpcrt4

UuidFromStringA

shell32

ShellExecuteA

user32

MessageBoxA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

UPX0
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d74ff484db4904644a6bb6fb24e6996b

Headers

File Characteristics

Imports

kernel32

advapi32

mfc42

msvcrt

ole32

oleaut32

rpcrt4

shell32

user32

version

Sections

UPX0 Size: 44KB - Virtual size: 44KB

.rsrc Size: 1KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 44KB - Virtual size: 44KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB