86b66641c3c41fcf06a335350d6a708d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86b66641c3c41fcf06a335350d6a708d_JaffaCakes118
Size

177KB
MD5

86b66641c3c41fcf06a335350d6a708d
SHA1

03cc67a84c5ed1c85fb914a96fab7f4c73c9bdcd
SHA256

c8f9f1dae092e7ec4ec8207f7526bbd635a5c2fc1bca7fd7a1821e4a11ad4f4d
SHA512

bb93f5462902c9a186c35e5d1e7fcd1f89477e7515f5a32b27ae3a632c2d0db28d2e3fcff27c0e451fc5a5c6074fe78561f8a196210707964c7461cf617bc537
SSDEEP

3072:gyw5SkrPP9fmY0q8GSnXZmBamEFc0zcIYmZZqsZlcJY:xwkAPY/TGSnX0BamEO0wIZq2CY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86b66641c3c41fcf06a335350d6a708d_JaffaCakes118

Files

86b66641c3c41fcf06a335350d6a708d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7277b2d3029520714b36a007b7492ce5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
malloc
free
_wcsicmp
??1type_info@@UAE@XZ
wcslen
wcscpy
_CxxThrowException
_controlfp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
wcstok
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
??2@YAPAXI@Z
??3@YAXPAX@Z
setlocale
_wcsnicmp
_snwprintf
swprintf
_ultoa
strncpy
wcsftime
localtime
time
_vsnwprintf
__CxxFrameHandler
realloc

atl

ord30

kernel32

UnlockFileEx
FlushFileBuffers
CreateFileW
LockFileEx
CloseHandle
GetFileSizeEx
SetFilePointerEx
GetTickCount
GetCurrentThreadId
OutputDebugStringW
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetThreadUILanguage
GetStartupInfoW
GetModuleHandleA
GetCurrentProcessId
GetStdHandle
GetCommandLineW
GetFileType
DeleteCriticalSection
Sleep
WriteFile
WideCharToMultiByte
GetConsoleOutputCP
GetLastError
WriteConsoleW
GetConsoleMode

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree

user32

LoadStringW

oleaut32

SysFreeString

vssapi

ord6
?CreateVssBackupComponents@@YGJPAPAVIVssBackupComponents@@@Z

advapi32

RegOpenKeyExW
RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryValueExW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7277b2d3029520714b36a007b7492ce5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

atl

kernel32

ole32

user32

oleaut32

vssapi

advapi32

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB