859f500c43a2b45f53613e55e39c640f_JaffaCakes118

General

Target

859f500c43a2b45f53613e55e39c640f_JaffaCakes118
Size

128KB
MD5

859f500c43a2b45f53613e55e39c640f
SHA1

738e3c9223eb84f575b11fd2f996ec571f3af727
SHA256

a4062b4cc954402a41ac769cd2a1915d634f80b68613a5e8a14eace073468613
SHA512

32b44b617c1d6483661b6ca5218ce60546d7a7bfa55c3bdfc3efdee5f9a9cd51b4ebf2202fc4f68278ab227005c8a9c20a6ac387d26a5a8beb786a53f4cbedaa
SSDEEP

768:xkeY3jCFyx75ELTLYIvns0d5pTrMpbKBvFB9GmRXydD7YpUSoggy5qQCBg:e3GFyx1ETjvVxrMKswXydKip6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
859f500c43a2b45f53613e55e39c640f_JaffaCakes118

Files

859f500c43a2b45f53613e55e39c640f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8f56b0007a51b81f6ccff5bac668c72e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
ReadFile
CreateDirectoryA
GetProcAddress
GetPrivateProfileStringA
ResetEvent
LoadLibraryA
WritePrivateProfileStringA
GetTickCount
CloseHandle
DeleteFileA
lstrcpyA
CreateToolhelp32Snapshot
Process32First
CompareStringA
TerminateProcess
FreeLibrary
lstrlenA
SetFilePointer
GetFileSize
CreateFileA
GetModuleHandleA
PulseEvent
GetTempPathA
GetModuleFileNameA
GetFileAttributesA
lstrcatA
FindResourceA
LoadResource
RtlUnwind
HeapAlloc
HeapFree
GetProcessHeap
ExitProcess
CreateEventA
SetEvent
GetLastError
CreateThread
WaitForSingleObject
GetVersionExA
OpenProcess
ExitThread

advapi32

RegOpenKeyA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExW
RegSetValueExA
RegCloseKey

ole32

CoInitialize

shell32

SHGetFolderPathA

shlwapi

PathAppendA

user32

CreateWindowExA
CharToOemA
wsprintfA
GetParent
TranslateMessage
IsWindow
DestroyWindow
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA

Sections

UPX0
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8f56b0007a51b81f6ccff5bac668c72e

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

shlwapi

user32

Sections

UPX0 Size: 124KB - Virtual size: 124KB

.rsrc Size: 1KB - Virtual size: 4KB

.avc Size: 1KB - Virtual size: 4KB

UPX0
Size: 124KB - Virtual size: 124KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avc
Size: 1KB - Virtual size: 4KB