966814bdc6b37e9369d4b989dbce5b92_JaffaCakes118

General

Target

966814bdc6b37e9369d4b989dbce5b92_JaffaCakes118
Size

143KB
MD5

966814bdc6b37e9369d4b989dbce5b92
SHA1

9101d3d964f34b336b5a9ddf5cb558d42c518244
SHA256

b7de22fbf84b63458712f467d318ee061928ad5537c30101962347a3bb87d498
SHA512

f4294980a69b24dbd6ea148d8ba595db93389b5073dbcfc516afd5a5f35b82778320165ed0a62dfb22ef904e6c9afe07e1b3b32e91987c24bda57a0990bc91b8
SSDEEP

3072:b3JzLJ3Jh9ypXnhqskoWzMi+zQZqC5NnDNZ+sV7vhC/ld1HtMmqYr:bZvpJipczMi+sZfHZV7ZaKer

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
966814bdc6b37e9369d4b989dbce5b92_JaffaCakes118

Files

966814bdc6b37e9369d4b989dbce5b92_JaffaCakes118
.exe windows:5 windows x86 arch:x86

34b13c847810bd6458d17f352a75908b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3396
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord800
ord1594
ord3341
ord4124
ord858
ord540
ord538
ord940
ord927
ord942
ord2755
ord5706
ord2606
ord2756
ord922
ord6919
ord4197
ord6218
ord6219
ord641
ord2506
ord324
ord1569
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord6371
ord4480
ord535
ord825
ord1165

msvcrt

__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
_except_handler3
?terminate@@YAXXZ
_adjust_fdiv
_initterm
exit
__CxxFrameHandler
_wcsicmp
_exit
__setusermatherr
wcscmp
_wcmdln
__wgetmainargs
_cexit
_c_exit
_XcptFilter

kernel32

FindClose
FindFirstFileW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetModuleHandleA
GetStartupInfoW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString

shell32

ShellExecuteW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

34b13c847810bd6458d17f352a75908b

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

kernel32

ole32

oleaut32

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 420B

.rsrc Size: 28KB - Virtual size: 27KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 420B

.rsrc
Size: 28KB - Virtual size: 27KB

.UPX0
Size: 104KB - Virtual size: 252KB