875fba2ab80805fc6eb289172afeb32d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

875fba2ab80805fc6eb289172afeb32d_JaffaCakes118
Size

160KB
MD5

875fba2ab80805fc6eb289172afeb32d
SHA1

28ae167ece4dffd01731e36ce396bd2e067b7810
SHA256

4c8c614e3d15d3f739f588e22099c9f61921bd4d0393d31bd7e37b402124f6c6
SHA512

c99ff99ecef1e935e6cb274f92b94b57028bfd759af914036f69edf99dc301d70d1e44ccb4c88c8115153b542d56ee6c8f5363255ccc46c510da81873ce24cdb
SSDEEP

3072:fc8M7axqPomJhez3J52O2exV8R8xRQ8gutZNpvMUZVKwQGCS8d+NJ5ypLpLCyxBd:eaxqQmiZ8O2exV8RkBRLpvMeVKDG8iJe

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
875fba2ab80805fc6eb289172afeb32d_JaffaCakes118

Files

875fba2ab80805fc6eb289172afeb32d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7676c60ddfa40516f60fb515f68ede5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__fmode
??2@YAPAXI@Z
__CxxFrameHandler
_purecall
printf
wcsstr
toupper
_CxxThrowException
?terminate@@YAXXZ
_controlfp
_except_handler3
??1type_info@@UAE@XZ
__set_app_type
??3@YAXPAX@Z
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_XcptFilter
_exit
_c_exit

kernel32

lstrcpyW
GetModuleFileNameW
lstrlenW
lstrcatW
ExitProcess
SetEvent
GetLastError
CreateEventW
GetCurrentThreadId
GetCommandLineW
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

wbemcomn

??1CUnk@@UAE@XZ
?QueryInterface@CUnk@@UAGJABU_GUID@@PAPAX@Z
?AddRef@CUnk@@UAGKXZ
?Release@CUnk@@UAGKXZ
?Initialize@CUnk@@UAEHXZ
??0CUnk@@QAE@PAVCLifeControl@@PAUIUnknown@@@Z

ole32

CoInitialize
CoInitializeSecurity
StringFromGUID2
CoRevokeClassObject
CoRegisterClassObject

advapi32

CreateServiceW
RegSetValueExW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyW
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegCloseKey
OpenSCManagerW
DeleteService
OpenServiceW

user32

wsprintfW
PostThreadMessageW
SetTimer
TranslateMessage
DispatchMessageW
PostQuitMessage
GetMessageW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7676c60ddfa40516f60fb515f68ede5

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

wbemcomn

ole32

advapi32

user32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 156B

.rsrc Size: 1024B - Virtual size: 968B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 156B

.rsrc
Size: 1024B - Virtual size: 968B

UPX0
Size: 144KB - Virtual size: 380KB