85ce389966aee9dfc1532f6e93590b6c_JaffaCakes118

General

Target

85ce389966aee9dfc1532f6e93590b6c_JaffaCakes118
Size

166KB
MD5

85ce389966aee9dfc1532f6e93590b6c
SHA1

7f1c781673d9dbdccfb8b07da8ef21867407f979
SHA256

9f02ba739ff5c44e91f735fe8c87d591874124f16b646310bec972cbd311bc6b
SHA512

01ead8b0566732460ac31ca5571c343f45d50b0634dbf69df6d91cd3768db08396c46833aba731c9767537ae4738fc88487ad475034dd52e9b44d8d0c6d489fe
SSDEEP

3072:RjgsQUEys2OPAtdTVpk2//6LGldBmBUpxnhqCDCdISv2qYj:pgsrEAdnBqy1phDLJqYj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85ce389966aee9dfc1532f6e93590b6c_JaffaCakes118

Files

85ce389966aee9dfc1532f6e93590b6c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd4af1b89de77d8c51144b887c9fb146

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setup.pdb

Imports

kernel32

DisconnectNamedPipe
CloseHandle
FreeLibrary
GetLastError
ReadFile
ConnectNamedPipe
SetEvent
CreateNamedPipeA
OpenEventA
LoadLibraryA
GetProcAddress
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bd4af1b89de77d8c51144b887c9fb146

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

UPX0
Size: 144KB - Virtual size: 380KB