744a36c3147e2bc1342a1b6b3e52860e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

744a36c3147e2bc1342a1b6b3e52860e_JaffaCakes118
Size

224KB
MD5

744a36c3147e2bc1342a1b6b3e52860e
SHA1

b54184fc8e9bb76c64f624d7f85bd9e877753e30
SHA256

1930a66ffdca1c5a04ccdda1164afbde044bb4c6a073cbea05efa326a7f1f6f3
SHA512

b18c9dc0ccbd133e56501d90bb9f010bb17bb0e903c2ce892b97fad071e88f56cde64d903b744cc1a2dfc383c5b6b8a9a28aa1d6952d9f0c6ff597bb272b6afb
SSDEEP

6144:aQAu12wpOK6wy2We5EVFwLcxm8Y41F5eX2n1zo:XOH8S0Lym8Y4teX4z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
744a36c3147e2bc1342a1b6b3e52860e_JaffaCakes118

Files

744a36c3147e2bc1342a1b6b3e52860e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af8342856881979725108c2589431aac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
GlobalAlloc
WriteConsoleA
CreateFileMappingA
WriteProfileStringA
BackupSeek
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
SetConsoleActiveScreenBuffer
WritePrivateProfileStructA
GetModuleHandleA
IsBadStringPtrW
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
GetStringTypeW
VirtualProtect

user32

EnumWindowStationsA
GetAsyncKeyState
DestroyIcon
EnumPropsExA

gdi32

CreateBitmapIndirect
GetStockObject
RectInRegion

Sections

.text
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af8342856881979725108c2589431aac

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 15KB

.rdata Size: - Virtual size: 2KB

.data Size: - Virtual size: 95KB

.UPX0 Size: - Virtual size: 88KB

.UPX1 Size: 223KB - Virtual size: 223KB

.text
Size: - Virtual size: 15KB

.rdata
Size: - Virtual size: 2KB

.data
Size: - Virtual size: 95KB

.UPX0
Size: - Virtual size: 88KB

.UPX1
Size: 223KB - Virtual size: 223KB