6ee13d255cf25425fbf8ded9be3e65fa_JaffaCakes118

General

Target

6ee13d255cf25425fbf8ded9be3e65fa_JaffaCakes118
Size

56KB
MD5

6ee13d255cf25425fbf8ded9be3e65fa
SHA1

0d54c7e15fc5d83780ea3a9a89cabd1f1ddd3691
SHA256

06c65d23695586c32301c71f0301a19eac1a3068a44a44cca35b312068e1d230
SHA512

4f959917c901b42fae78deaaf0f90fbdfeee25345a650c93409121385a76837d5050278aa517538d00001a544bf3456229409126f7d5c89fd8ba83fe7fd87518
SSDEEP

768:Zy0qAQromwPAVhI9l2HsLzfkBr8DyVpxzeS8ohQw:Q0qAQjVhIb2Hsffkzjw0X

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ee13d255cf25425fbf8ded9be3e65fa_JaffaCakes118

Files

6ee13d255cf25425fbf8ded9be3e65fa_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d916c029beb68f10f1e2febc6339b47b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

lstrlenW
WriteProcessMemory
VirtualAllocEx
Sleep
SetFilePointer
ReadProcessMemory
ReadFile
OpenProcess
LoadLibraryA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileSize
GetCurrentProcess
CreateThread
CreateRemoteThread
CreateFileA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

user32

TranslateMessage
SetTimer
GetMessageA
DispatchMessageA
GetKeyboardType
MessageBoxA

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d916c029beb68f10f1e2febc6339b47b

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wininet

Sections

UPX0 Size: 52KB - Virtual size: 52KB

.rsrc Size: 1KB - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB