8aed765d106f0e2519bb0a9eb572c5f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8aed765d106f0e2519bb0a9eb572c5f5_JaffaCakes118
Size

30KB
MD5

8aed765d106f0e2519bb0a9eb572c5f5
SHA1

2735389b2e9a781c904521212709d87eb242e342
SHA256

c3a3d7ddd8ca9c3e5c36f973e8c53c564b1c5a8eb0b863d967f6470ed8bdf509
SHA512

14b4d0f0c338921fcf03b24f1e85706d7cfbbde62dd50532de0bdf0fd48efe45c79c3354230fd789e2b8b315c9085db04dddb417c8ec704dd583c0ff49e6f250
SSDEEP

768:pqE8ra8eSrtY3TNkMtXH8PFxD+IlXTa6zhR5X:4iSRkTtXHoiCX1L

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
8aed765d106f0e2519bb0a9eb572c5f5_JaffaCakes118
unpack001/out.upx

Files

8aed765d106f0e2519bb0a9eb572c5f5_JaffaCakes118
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 27KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

@_virt_alloc
@_virt_commit
@_virt_decommit
@_virt_release
@_virt_reserve
_CLOCALE
_CMonetary
_CNumeric
_CTimeDate
__C0argc
__C0argv
__C0environ
__ErrorExit
__ErrorMessage
__ErrorMessageHelper
__ExcRegPtr
___CRTL_MEM_CheckBorMem
___CRTL_MEM_GetBorMemPtrs
___CRTL_MEM_Revector
___DOSerror
___ErrorMessage
___IOerror
___NTerror
___allocated
___eof
___errno
___fputn
___isatty
___isatty_osfhandle
___locale
___lseek
___org__expand
___org__fgetc
___org__msize
___org__read
___org__rtl_read
___org__rtl_write
___org__write
___org_calloc
___org_fflush
___org_fgetc
___org_fputc
___org_fputs
___org_free
___org_malloc
___org_memchr
___org_memcpy
___org_memmove
___org_memset
___org_perror
___org_strlen
___pCallAtExitProcs
___read
___write
__allocbuf
__argc
__bormm_pfn_FreeMem
__bormm_pfn_GetMem
__bormm_pfn_HeapAddRef
__bormm_pfn_HeapRelease
__bormm_pfn_ReallocMem
__c_exit
__cexit
__cfinfo_get
__cleanup
__create_shmem
__dll_table
__dosErrorToSV
__doserrno
__dup_handle
__exe_table
__exit
__exit_streams
__exitbuf
__exitfopen
__exitopen
__expand
__fgetc
__firstHeap
__flushout
__freeStart
__free_handle
__free_heaps
__get_handle
__getmbcp
__handles
__heap_redirector
__initMBCSTable
__init_exit_proc
__init_handles
__init_streams
__internal_free
__internal_free_heaps
__internal_malloc
__internal_realloc
__isWindows
__kalpha
__kpunct
__lastHeap
__linktable
__lldiv
__llmod
__llmul
__llshl
__llshr
__lludiv
__llumod
__llushr
__mbcsCodePage
__mbctype
__mbsrchr
__messagefile
__messagefunc
__msize
__nfile
__nv_heap_size
__openfd
__oscmd
__osenv
__ostype
__phys_avail
__pidtab
__read
__rover
__rtl_read
__rtl_write
__setmbcp
__smalloc_threshold
__stkbase
__streams
__sys_errlist
__sys_nerr
__terminate
__virt_chunk_free
__virt_chunk_free2
__virt_chunk_size
__virt_chunk_size2
__virt_heap_size
__wC0argv
__wC0environ
__woscmd
__wosenv
__write
__xfflush
_absol
_add
_big_to_bytes
_brand
_bytes_to_big
_calloc
_cinnum
_cinstr
_compare
_convert
_copy
_cotnum
_cotstr
_decr
_denom
_divide
_divisible
_dlconv
_ecp_memalloc
_ecp_memkill
_epoint_free
_epoint_init
_epoint_init_mem
_epoint_init_mem_variable
_errno
_exit
_exsign
_fflush
_fgetc
_fit
_fpack
_fputc
_fputs
_free
_get_mip
_getdig
_hamming
_igcd
_incr
_init_big_from_rom
_init_point_from_rom
_innum
_insign
_instr
_irand
_isqrt
_lgconv
_mad
_malloc
_memalloc
_memchr
_memcpy
_memkill
_memmove
_memset
_mirexit
_mirkill
_mirsys
_mirvar
_mirvar_mem
_mirvar_mem_variable
_mr_alloc
_mr_berror
_mr_first_alloc
_mr_free
_mr_lent
_mr_lzero
_mr_mip
_mr_naf_window
_mr_notint
_mr_padd
_mr_pmul
_mr_psub
_mr_sdiv
_mr_setbase
_mr_shift
_mr_shiftbits
_mr_testbit
_mr_track
_mr_window
_mr_window2
_muldiv
_muldvd
_muldvd2
_muldvm
_multiply
_negify
_normalise
_numdig
_numer
_otnum
_otstr
_perror
_point_at_infinity
_premult
_putdig
_recode
_remain
_set_io_buffer_size
_set_user_function
_sgcd
_size
_strlen
_subdiv
_subdivisible
_subtract
_uconvert
_zero

Sections

CODE
Size: 37KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INITDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

EXITDATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 60KB

UPX1 Size: 27KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 37KB - Virtual size: 40KB

DATA Size: 9KB - Virtual size: 12KB

INITDATA Size: 512B - Virtual size: 4KB

EXITDATA Size: 512B - Virtual size: 4KB

.idata Size: 1KB - Virtual size: 4KB

.edata Size: 5KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 60KB

UPX1
Size: 27KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 4KB

CODE
Size: 37KB - Virtual size: 40KB

DATA
Size: 9KB - Virtual size: 12KB

INITDATA
Size: 512B - Virtual size: 4KB

EXITDATA
Size: 512B - Virtual size: 4KB

.idata
Size: 1KB - Virtual size: 4KB

.edata
Size: 5KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB