868d1bb129d039f4119873a6ec8504f3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

868d1bb129d039f4119873a6ec8504f3_JaffaCakes118
Size

261KB
MD5

868d1bb129d039f4119873a6ec8504f3
SHA1

0af7445f75b5239ffac4c3646f05f2bebc949b88
SHA256

0bedb789b7ee50553d8beba475d297cdaf3248d8d8dcd5b7648e1f5ceedea600
SHA512

a8f10f2530e47e4f7766e3f490bf0e9697206384ce6d459e99be318a83c85d1fa6e166982a1e89f368bd0017acd330d67154d7653fb09bbdbf5a3833b378a23f
SSDEEP

6144:kayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:+Cua88SEjbEwvpZBZQfZhh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
868d1bb129d039f4119873a6ec8504f3_JaffaCakes118

Files

868d1bb129d039f4119873a6ec8504f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

shell32

SHGetFolderPathA

msasn1

ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX

msident

DllGetClassObject

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 86KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxVhJ
Size: 4KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 131KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msasn1

msident

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 4KB

.edata Size: 86KB - Virtual size: 134KB

.gxVhJ Size: 4KB - Virtual size: 943KB

.data Size: 8KB - Virtual size: 255KB

.edata Size: 131KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX1
Size: 7KB - Virtual size: 7KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 4KB

.edata
Size: 86KB - Virtual size: 134KB

.gxVhJ
Size: 4KB - Virtual size: 943KB

.data
Size: 8KB - Virtual size: 255KB

.edata
Size: 131KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 2KB