8bbea3e28ae664f8b199883533323c63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8bbea3e28ae664f8b199883533323c63_JaffaCakes118
Size

268KB
MD5

8bbea3e28ae664f8b199883533323c63
SHA1

490014c881981e7cac01364d276a48539ef58823
SHA256

9ee7d96b9c653c3b42765b9aa3ffe2f4cf1b8bfd4a98879eccf6c4d79116c703
SHA512

835a385697f8e8b5e25913d9aecb40ab36e59475e02fa4dfe4276af5bb9f96c53e49db752996eee62edf9f51143bb3a607df3b989d23cbac71ef9e23bd451a39
SSDEEP

3072:HfwW+LAdU+sQpLaFEr0eQa5cofoolXpUthP9wbyva3xxMVIzOZtDw9rgqwl+U4p:HfELrNJF80Fa5cofpX6FwbyIMoOZ2Nv5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bbea3e28ae664f8b199883533323c63_JaffaCakes118

Files

8bbea3e28ae664f8b199883533323c63_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fac66e1c62d8542c266638759ae453e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
DeleteCriticalSection
InterlockedIncrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
GetLastError
LoadLibraryExA
GetCommandLineA
InitializeCriticalSection
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
WriteFile
CreateFileA
ResetEvent
SetThreadPriority
lstrcmpiA
Sleep
CreateEventA
CreateThread
WaitForSingleObject
CloseHandle
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
SetEvent
GetTimeZoneInformation
RaiseException
SetStdHandle
ExitProcess
IsBadReadPtr
GetFileType
IsBadCodePtr
SetHandleCount
GetEnvironmentStringsW
GetStdHandle
SetEnvironmentVariableA
ReadFile
SetEndOfFile
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetFilePointer
GetStartupInfoA
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
GetEnvironmentStrings
FreeEnvironmentStringsW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
FlushFileBuffers
GetVersion
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr

user32

PostThreadMessageA
CharNextA
SendMessageA
DispatchMessageA
GetMessageA
MessageBoxA

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantClear
SysReAllocString
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fac66e1c62d8542c266638759ae453e4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 8KB - Virtual size: 7KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 8KB - Virtual size: 7KB

.UPX0
Size: 104KB - Virtual size: 252KB