81e3059e709276d8ed28cd38d81a8c91_JaffaCakes118

General

Target

81e3059e709276d8ed28cd38d81a8c91_JaffaCakes118
Size

233KB
MD5

81e3059e709276d8ed28cd38d81a8c91
SHA1

5757596a4e7a87274b82ec851f962ad6e1602fb0
SHA256

e4c4d43e5fbd7457ec015dd680c18e2da6f9f7bbb12ae74ae337fbfc4893a366
SHA512

2733ca35d562059266c87f57e9bc3551277ab21ebb924b90ce3b9145f270501d57c32ee82341d19a12fc68d8ff74b43cf6822b55372310000d9cb4cb367e7513
SSDEEP

6144:bf5XOyIcAyFD7lzD4iKsW1yNGcV1of+wvwi:L5eyIcAy9yqG9N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
81e3059e709276d8ed28cd38d81a8c91_JaffaCakes118

Files

81e3059e709276d8ed28cd38d81a8c91_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c93fd93bd6bc0a48153291ca3b76a836

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

DeviceProperties.pdb

Imports

kernel32

HeapSetInformation
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

user32

IsWindow

msvcrt

__p__fmode
_controlfp
__p__commode
?terminate@@YAXXZ
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wtoi64
__setusermatherr
__set_app_type
_except_handler4_common

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c93fd93bd6bc0a48153291ca3b76a836

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

msvcrt

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 888B

.rsrc Size: 83KB - Virtual size: 83KB

.reloc Size: 1024B - Virtual size: 586B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 888B

.rsrc
Size: 83KB - Virtual size: 83KB

.reloc
Size: 1024B - Virtual size: 586B

UPX0
Size: 144KB - Virtual size: 380KB