6a072f77d0927c6b736b9ca43f71b503_JaffaCakes118

General

Target

6a072f77d0927c6b736b9ca43f71b503_JaffaCakes118
Size

421KB
MD5

6a072f77d0927c6b736b9ca43f71b503
SHA1

7654d6917d1a8d8497f56e63da5218bc49fe6ec2
SHA256

33768d26735ac96f7c89d3d35887ea41786e154ae56377f30fbfd2fd101f6b42
SHA512

6bfb2ecbb3324fc717e045f1ca48c50e37155c83bffe0a4e3245b7244a74e6c12b2bb235c4d4485972a0bdc6c8f4235a9a1930d42fea672e4b6205fdba5883cb
SSDEEP

12288:O1mQU0SXICh/zLRAXBN9Dqq8RjMxkYTLpEqEK:O8GSXR5Avr8RzYB4K

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a072f77d0927c6b736b9ca43f71b503_JaffaCakes118

Files

6a072f77d0927c6b736b9ca43f71b503_JaffaCakes118
.exe windows:4 windows x86 arch:x86

64c358200df9141f56d68531ad9d3b6f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

CM_Get_Depth
SetupDiGetDeviceRegistryPropertyW
CMP_WaitNoPendingInstallEvents
CM_Get_DevNode_Status

kernel32

GetFileType
GlobalAddAtomW
HeapCreate
IsBadReadPtr
SetHandleCount
HeapReAlloc
GetModuleFileNameA
GetCPInfo
FreeEnvironmentStringsA
FatalAppExitA
GetACP
SetFilePointer
GetEnvironmentStrings
WriteFile
SetUnhandledExceptionFilter
VirtualAlloc
WideCharToMultiByte
IsBadCodePtr
EnumResourceNamesA
FreeEnvironmentStringsW
GetEnvironmentVariableA
GetDateFormatW
HeapDestroy
SetConsoleCtrlHandler
UnhandledExceptionFilter
GetEnvironmentStringsW
GetOEMCP
GetStdHandle
IsBadWritePtr
VirtualFree
GetStartupInfoA
GetCurrentThread

gdi32

GetGraphicsMode
PolylineTo
MoveToEx
IntersectClipRect
GetStockObject
LineTo
SetGraphicsMode
SetROP2
Rectangle
SetBrushOrgEx
PolyBezierTo
CloseFigure
GetClipBox
SelectClipPath
FillPath
GetWorldTransform
BeginPath
EndPath
CreatePatternBrush
PolyDraw

Sections

.text
Size: 147KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

64c358200df9141f56d68531ad9d3b6f

Headers

File Characteristics

Imports

setupapi

kernel32

gdi32

Sections

.text Size: 147KB - Virtual size: 279KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 125KB - Virtual size: 125KB

.rsrc Size: 1024B - Virtual size: 4KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 147KB - Virtual size: 279KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 125KB - Virtual size: 125KB

.rsrc
Size: 1024B - Virtual size: 4KB

UPX0
Size: 144KB - Virtual size: 380KB