8a811df89032ffc853874810721ce10d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8a811df89032ffc853874810721ce10d_JaffaCakes118
Size

1008KB
MD5

8a811df89032ffc853874810721ce10d
SHA1

3c384df57f3d89d8f6df760045c5a0644a0e195c
SHA256

91718f5769318199250b98dc94e9339d98e796d9dc47d58d5929de023df8dc31
SHA512

4b191602b9342b3df248b7ad7c9d07b0268fc7dd1253428d9dfb4f05cf684ef96aad88fa1174a1a70cd1c17de8bed6adf164f8dfb626665f509bc32ca93eaf66
SSDEEP

384:w9A/Vs3HOxFR5W+g3q5wo3Hy+KjcjdJie:wWdFW+iyS+k43/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a811df89032ffc853874810721ce10d_JaffaCakes118

Files

8a811df89032ffc853874810721ce10d_JaffaCakes118
.dll windows:4 windows x86 arch:x86

19e4daa15f9ea9d0c71eee9b7a33839b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

gdi32

SelectObject
DeleteObject
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt

gdiplus

GdipCloneImage
GdipAlloc
GdipFree
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipLoadImageFromFile

kernel32.dll.

Process32Next
TerminateProcess
GetSystemDirectoryA
GetModuleHandleA
DeleteFileA
GetFileSize
ExitProcess
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
FindNextFileA
MultiByteToWideChar
CompareFileTime
Sleep
Process32First
IsBadReadPtr
OpenProcess
GetModuleFileNameA
FindFirstFileA
VirtualProtect
GetLocalTime
CopyFileA
LoadLibraryA
GetProcAddress
CreateToolhelp32Snapshot
CloseHandle
CreateThread

msvcrt.dll.�

_adjust_fdiv
_initterm
_access
free
rename
remove
sscanf
fread
strchr
malloc
wcscmp
strncpy
strstr
fgets
strtok
sprintf
fopen
fwrite
fclose
_stricmp

ole32

CoCreateInstance
CoInitialize
CoUninitialize

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

user32

GetDesktopWindow
ReleaseDC
GetWindowRect
GetDC

ws2_32

Exports

Exports

COMResModuleInstance
myIns

Sections

UPX0
Size: 1004KB - Virtual size: 1004KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

19e4daa15f9ea9d0c71eee9b7a33839b

Headers

File Characteristics

Imports

advapi32

gdi32

gdiplus

kernel32.dll.

msvcrt.dll.�

ole32

shell32

shlwapi

user32

ws2_32

Exports

Exports

Sections

UPX0 Size: 1004KB - Virtual size: 1004KB

UPX2 Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 1004KB - Virtual size: 1004KB

UPX2
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB