790f8857676df2f2d4d2d80334dcfdd9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

790f8857676df2f2d4d2d80334dcfdd9_JaffaCakes118
Size

52KB
MD5

790f8857676df2f2d4d2d80334dcfdd9
SHA1

4361bd2ae0c24a9917bd9b1732722e287e2766fa
SHA256

cf42d9feb9aaaacb7321300fa15a853379c3c8ba78682c8cc06859e7cea9b394
SHA512

c0a382aa1a05dfa57d16e73ed99a6761660cc1401a16df7dc816a8274b6055ff3781714fa662f5a463313f91806182927be6ade666ec5eec3f6e9d43f35467b6
SSDEEP

768:kumbGkqGvH+Yxoo/hZKAKVeSFYdGM/dovhN7A:xUZxooJEAmeSigaI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
790f8857676df2f2d4d2d80334dcfdd9_JaffaCakes118

Files

790f8857676df2f2d4d2d80334dcfdd9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1dd7ca0d6719bec50b27dcb8c25a98db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
CreateFileA
GetVolumeInformationA
TerminateProcess
OpenProcess
MoveFileExA
WriteFile
GetCurrentProcessId
SetFileAttributesA
GetModuleFileNameA
WaitForSingleObject
CreateProcessA
GetProcAddress
LoadLibraryA
DeleteFileA
FindFirstFileA
MultiByteToWideChar
lstrlenA
ResetEvent
CreateEventA
GetWindowsDirectoryA
lstrcmpA
WideCharToMultiByte
lstrlenW
GetModuleFileNameW
FreeLibrary
GetLastError
CreateMutexA
OutputDebugStringA
GetStartupInfoA
GetModuleHandleA
FindNextFileA
FindClose
GetCurrentThreadId
GetTempPathA
Sleep

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCloseKey

msvcp60

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcrt

__CxxFrameHandler
_wcsnicmp
_strnicmp
_strdup
_stricmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_except_handler3
_beginthread
wcsstr
strncmp
fseek
ftell
fread
strpbrk
fwrite
fputs
swprintf
strtok
time
wcslen
exit
sprintf
fopen
memset
strncat
strncpy
strlen
strcpy
free
strstr
malloc
_strupr
strcat
memcpy
atoi
fclose
??2@YAPAXI@Z
fgets
fprintf
strcmp

ole32

CoCreateInstance
CoInitialize
CLSIDFromProgID

oleaut32

shell32

StrStrA

shlwapi

PathFileExistsA
SHDeleteKeyA

user32

GetForegroundWindow
SetForegroundWindow
SendMessageA
CharToOemA
GetActiveWindow

ws2_32

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1dd7ca0d6719bec50b27dcb8c25a98db

Headers

File Characteristics

Imports

kernel32

advapi32

msvcp60

msvcrt

ole32

oleaut32

shell32

shlwapi

user32

ws2_32

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.avc
Size: 3KB - Virtual size: 4KB