873e225356231ef37cb20ddc95d08cb3_JaffaCakes118

General

Target

873e225356231ef37cb20ddc95d08cb3_JaffaCakes118
Size

19KB
MD5

873e225356231ef37cb20ddc95d08cb3
SHA1

047ab085d0e32bfc741338058e989d882d285f8e
SHA256

66fe0affeb8f95a40e2411464642030f95f69438dede5c4ee839c573a9dc3095
SHA512

de61070c66855b0d428204525a9314b154653e326bfaae730498ba689f1587732bc0f273e8558d7264b89870e41f9bebab9dcece1b279067cd2662fc2b7139c6
SSDEEP

192:KJZknkVFJA26F339/uQHrXzT6kYJYmuUFq7J8+FR+JKKN8u06V:KHkkqNTuWnGHCAq7J8+3DoP0k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873e225356231ef37cb20ddc95d08cb3_JaffaCakes118

Files

873e225356231ef37cb20ddc95d08cb3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

646a2a9772e1e36c6debbd97f981a820

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

h��nz2n2"�a5�b��

lstrlenA
GetWindowsDirectoryA
GetTickCount
lstrcpynA
CreateThread
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
lstrcatA
CopyFileA
ReleaseMutex
Sleep
GetSystemDirectoryA
CreateMutexA
OpenMutexA
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
DeleteFileA
CreateFileA
GetStartupInfoA
WriteFile
lstrcmpA
CloseHandle

5�b��

RegCloseKey
RegCreateKeyExA
RegSetValueExA

�ġ4��0@a��h��`0�f�sj��q��9�%��v��c

_strnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
rand
sprintf
memset
srand
memcpy
strlen
strncpy
fclose
fread
fseek
fopen
strchr
strtok
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_strcmpi

�h��`0�f�sj��q��9�%��v��c

ShellExecuteA

sj��q��9�%��v��c

wsprintfA

��9�%��v��c

InternetCloseHandle
InternetOpenA
InternetReadFile
InternetOpenUrlA

��v��c

Sections

UPX0
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

646a2a9772e1e36c6debbd97f981a820

Headers

File Characteristics

Imports

h����nz2n2"�a5�b��

5�b��

�ġ4��0@a��h�� �`0�f�sj��q���� ������9�%��v��c

�h�� �`0�f�sj��q���� ������9�%��v��c

sj��q���� ������9�%��v��c

������9�%��v��c

��v��c

Sections

UPX0 Size: 16KB - Virtual size: 16KB

.avc Size: 2KB - Virtual size: 4KB

h��nz2n2"�a5�b��

�ġ4��0@a��h��`0�f�sj��q��9�%��v��c

�h��`0�f�sj��q��9�%��v��c

sj��q��9�%��v��c

��9�%��v��c

UPX0
Size: 16KB - Virtual size: 16KB

.avc
Size: 2KB - Virtual size: 4KB