8405f84e0c643b57503481d55acd3de3_JaffaCakes118

General

Target

8405f84e0c643b57503481d55acd3de3_JaffaCakes118
Size

55KB
MD5

8405f84e0c643b57503481d55acd3de3
SHA1

f104f5b7c4265626e2cc5512b3a3ac243fbff660
SHA256

1c7670fa641fb6e361602e1a8df6dc1c5ddd55ce19ec2718a32820d7d4712614
SHA512

19ce58a39eca16d29f52c661639986fc268eb867f1aa28580040a84c8eaccf2db436798fd8727db987471f629ad8f1d87bf425465cf4c68c79d74ea0b0c32dd0
SSDEEP

768:bAnA64ZEL72NrXPTvSD/8j6DIvmvM5oR12Z9BMW0LRIw:bAX4i2NLqDUmCmUE09BMbRL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8405f84e0c643b57503481d55acd3de3_JaffaCakes118

Files

8405f84e0c643b57503481d55acd3de3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

94d421426b7346cb5bd33df567a9c21d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
Sleep
CopyFileA
GetWindowsDirectoryA
GetLocaleInfoA
GetModuleFileNameA
SetEndOfFile
Process32Next
CloseHandle
Process32First
CreateToolhelp32Snapshot
HeapAlloc
HeapFree
GetProcessHeap
CompareStringA
CompareStringW
CreateProcessA
WriteFile
GetOEMCP
GetACP
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetLastError
ReadFile
SetEnvironmentVariableA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetStringTypeA
GetStringTypeW
SetFilePointer
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA

rasapi32

RasEnumEntriesA

shell32

ShellExecuteA

urlmon

URLDownloadToFileA

wininet

InternetSetOptionA

Sections

UPX0
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94d421426b7346cb5bd33df567a9c21d

Headers

File Characteristics

Imports

kernel32

advapi32

rasapi32

shell32

urlmon

wininet

Sections

UPX0 Size: 52KB - Virtual size: 52KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 52KB - Virtual size: 52KB

.avp
Size: 2KB - Virtual size: 4KB