729c1c038253da1ef9240cf6b1625623_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

729c1c038253da1ef9240cf6b1625623_JaffaCakes118
Size

1.2MB
MD5

729c1c038253da1ef9240cf6b1625623
SHA1

66466820290b6fc0140aae4864322eed3aeb1d1b
SHA256

a03030240bdd94d5e0716bb3c22fdcc8a915c870d644d214d69a62073fa3bdd3
SHA512

4a9e32db1ee30e2ee4710e1f4ccf9b5100435450685c6038ba463f2ce36ab794fc1837785e44d8c1d33fad3ba7c540139738361ee1a8859d9c1c08b6e15fca98
SSDEEP

24576:f6lbIEzW+/m/rF7kc1rF0QcScnvWxgO2fTe8dyv6FH8DJB:y7zWYNc1R0RnOuOW7dYKO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
729c1c038253da1ef9240cf6b1625623_JaffaCakes118

Files

729c1c038253da1ef9240cf6b1625623_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateFileA
CreateThread
DeleteFileA
ExitProcess
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTempFileNameA
GetTempPathA
GetVersionExA
LoadLibraryA
LoadLibraryExA
OpenProcess
WriteProcessMemory
VirtualAlloc
VirtualFree
WriteFile

Sections

UPX0
Size: - Virtual size: 92KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pe
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 24KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asdf
Size: 856KB - Virtual size: 860KB

.asdf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

.sed5z
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

.asdf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

Sharing

General

Malware Config

Signatures

Files

8864948b624a33b260714f546b0b4009

Headers

File Characteristics

Imports

kernel32

Sections

UPX0 Size: - Virtual size: 92KB

UPX1 Size: 30KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 4KB

.pe Size: 4KB - Virtual size: 4KB

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 24KB - Virtual size: 26KB

.rsrc Size: 4KB - Virtual size: 952B

.reloc Size: 12KB - Virtual size: 10KB

pebundle Size: 8KB - Virtual size: 8KB

.asdf Size: 856KB - Virtual size: 860KB

.asdf Size: 512B - Virtual size: 4KB

.sed5z Size: 512B - Virtual size: 4KB

.asdf Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 92KB

UPX1
Size: 30KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 4KB

.pe
Size: 4KB - Virtual size: 4KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 24KB - Virtual size: 26KB

.rsrc
Size: 4KB - Virtual size: 952B

.reloc
Size: 12KB - Virtual size: 10KB

pebundle
Size: 8KB - Virtual size: 8KB

.asdf
Size: 856KB - Virtual size: 860KB

.asdf
Size: 512B - Virtual size: 4KB

.sed5z
Size: 512B - Virtual size: 4KB

.asdf
Size: 512B - Virtual size: 4KB