8b9106a266c79f2cde0dced76eafc9c6_JaffaCakes118

General

Target

8b9106a266c79f2cde0dced76eafc9c6_JaffaCakes118
Size

136KB
MD5

8b9106a266c79f2cde0dced76eafc9c6
SHA1

484fbc2d5249afa0cd628e640a21abc024edeebb
SHA256

f4672e360e42e87d3684c1a61339a00a03e8cf832af4682a8a1d2f6e580ccf38
SHA512

b91d605c22b1d5ae1f8adda6c1718ad65f327ae36b5a2eff6965e3ba0a42fc94450c8c501705ef8cc89c3326a9da6d32074dfac96843bdbd373902f0d6f22a69
SSDEEP

3072:FzwyiGy7gTHtHMJol4OZtl4tKNi3ufdVHbsOa:FzwyivJsftz7HAOa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b9106a266c79f2cde0dced76eafc9c6_JaffaCakes118

Files

8b9106a266c79f2cde0dced76eafc9c6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5ba8d108dcb18c2dc685f86b61378e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

verclsid.pdb

Imports

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromString

kernel32

GetLastError
CloseHandle
FlushFileBuffers
SetStdHandle
SetFilePointer
ExitProcess
TerminateProcess
GetCurrentProcess
Sleep
CreateThread
SetErrorMode
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetVersionExA
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedExchange
VirtualQuery
LoadLibraryA
HeapAlloc
VirtualAlloc
HeapReAlloc
WideCharToMultiByte
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCPInfo
ReadFile

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b5ba8d108dcb18c2dc685f86b61378e9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ole32

kernel32

Sections

.text Size: 24KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 1024B - Virtual size: 992B

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 24KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 1024B - Virtual size: 992B

.UPX0
Size: 108KB - Virtual size: 260KB