a0ee8923a08258efa784c55a224bd677_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a0ee8923a08258efa784c55a224bd677_JaffaCakes118
Size

2.2MB
MD5

a0ee8923a08258efa784c55a224bd677
SHA1

3be7a22fc28bec9e8ca83b2ad0a8a80f51786d9c
SHA256

fc66e1bb1edaf4801a3e7774dbc40fac620d7e96c26adb1ae68458b1fa704af7
SHA512

7fc58cbb6cdb052bb7ce765fd68f423d0b32888250b3988acafb9fb648eaf961701ad667989f13b77d5529d7298cbd7154ca989e4173da3808ca69de010a67ce
SSDEEP

49152:FW2AqGxr2T7fTPgR4F0nEZ9fJwyXYCW4iEE2uNEKxeWDtAI/3:FW0GN2T3KQ0n4w8v1uNIyKY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0ee8923a08258efa784c55a224bd677_JaffaCakes118

Files

a0ee8923a08258efa784c55a224bd677_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ef145507a6ded53f6a1866d0d08e4ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
VirtualAlloc
VirtualFree
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
MessageBoxA

advapi32

RegFlushKey

oleaut32

GetErrorInfo

version

GetFileVersionInfoA

gdi32

GetObjectA

ole32

CoTaskMemFree

comctl32

ImageList_SetDragCursorImage

shell32

ShellExecuteA

gdiplus

GdipFree

Exports

Exports

Fc�1|�� ~�z��lD�3�� m��)<��%}�$@��m��ܩ ]E f��?O��˶��T�v_�q��ʹ)��0��5~��V]�� fM�v�<�M�$]�p�!;�T�n��V$�I��0�v��ͅ-f�°55�`��S 6��Y;�|��6'��р��vSXg��N�b=IY��5��).�"LO��/�poqF��7{�� <V��k�\KRK�ԁ>m��!��Qe��N�g"��F�1�(�j�]!��9.�3��0��@�|��!��`��׋��Q ��f��ʰ�g�E�T3QE�j�~|��(�Q\��z�I i\BU43�z?�i7�.˚�=�~,J�)ČY=;�P�ya�n�ʥ��J|��.��c[+��į��׃��y٠�8�\��7s��?�L6Z<%�(��z�N�/��f_��c�m4XZ0 Ve�?��l�4��h��\wg[��aK6��M�~;�\:��Kj�R;�`��w�m�~�lt5��Kr�'6�z�/<��"v��pI��ͦ��(.��d ��MD�~z��V��%?��OiN��;��a.�Ku=K�M�]��ض�VO�a��=*I��`V$i��'YY�e��Y*bq��1+��E%aB�Klb��3\G��P��N:��Fт�.�V�S��ރ��d8�toqR��V�GcL��;��7��{W�j��@;iC�)��C��R��f(F�~r�)D>��׽�<��*6(OJBH4cUWr�=��9 ��Rz𩼴B6�0��yFYn?+n��l[a(-@�r;��z�Z��%��3�@MD��n��=Jً�8��"�w�-��W�T�� R��HNX��D��I� BCx�R`�K ޡ/�,n��+)�P�#��x��\�� <j�^��3��|JQ��o+p�酂�ՙ��N}� p1;��ܕ\FX�o��VtC��;D`w�;��e��1wC%xRi��5��J�7&��~��>��l�H��of�9�S�8��M� �P�B�h��媗|8�F�a��7��v��3��e��a�R�/�F��I"��xƳ�I7��w��ӹG�o��0W��3��-@qJ1Kዟp�%�;v@�)҄7m:*�{jNus�hN|��).�BV�{�p8oy�Ă� ��m�3T��@6Z(��(%�� f�r�Yq_��Y��I}5�l'��z�fR^A3�v��ۇ�&�Cњ@j9�p��V�:M��LxP,��8#>��۲��w�O?��S��#cb��_5��vٞh�l���i�hFd(=7��uq7˯��dG��9��,�?�4��~�c�u��[�� [4}\�2��bN)ܾ�*s��۬b�l�8ϕ0��zb%[ݰ�X/!3:��vYj�z(�/�p�`��y-sJ��Fʂ ��,+��N�1��&�}pU�3��H*��V��P�Rp(�=��F��#Xd� �c�곍,�)ŕʪK1QY9�b� �0��F]��(P�~d��m��*�Ԗզ��z4��}|�'��-2|{Ʈ|b��c�XL�h��#u�ԗ�v��'7v{W��qi�=�i6t��L� d�[�劬K��a�� Yh 0_�+��Y�Vg��S�ꔹk�ވ�̵� B��i�>��8z�u?��_:��"E��`��t��w�8�\��i��&��]c��ALa��_�nu��7�)&�n{�[ ��h��6��9ː��E��#��~��d��r�;>��s�I��;��ׄ�?��cb�^��e�cU�S9LxJ#%Ƕ(��~��j�V]w�P� �Z�� rEt��N�~�N?R��S(H�:pa9Y��ʌ*��w�X�[�I䖋_8J��M��^�HWW�B!~2T\+�s<\\�n��A�UՆb׽�p�8>.}3�q^��~�)UMG�8p�2��=,X�� =3��8٭��`'��<� �`C�熮�}�z��k!v�Ύ��1�L� ��<s��/��x��H{��Q��\0!��5t��y�u7&��9&��)=�;T¯�QH��5 $)��j�� }�%��,_��E�_~��)��p�G��J�l��Lw��ϛ��ְT��Tّ�wb��NB��Y? e��]B�WFq_�r�!��1�H��ɖ��跠�vup60��ļ��>�*��IA��A`��R1Z"�x�"��Ϫ5�T��{�̇�*��C��^7��i�k��Ck�� A�h�H��~�)j�U�K�#3Bgf��#�YW�SH�&�� c�_N6��= �;��s#��Ԯ�͘�8}탰�d�N^��0�K4�'�,UO`��bO.WZ׹J\�ʕu^ވ��ǽٵP>T��R��ܕ�9�si]��¤��-�X�� N�wJ��g�*"y�g��k��}��đSe��p�v��-�-Y��x� ��tbq2��P��j�e�-M�i��営�钛��w�r�� u�۴`4��`ݐa�0�oA{�ƙG��@u&xeb��B�t� Lb�J3��C<a�℺�z&��D=�2��;�-�'4q�m�C��h�L�Q��s�Y��`�#(a��r�GX�P��Z)tBΊ3 � ��@ ��'D��47|Ui�Od[*˩<�t �<�ň� +��ygѡ Q*�ʇ�� L��I��,%�VV?�l ��[Y��3J��7��,ne��>��2��N��Ո�g��mS��q��Y��^�f��!TB� g��y��xb��[b�ߍ��3 �R*��O��i��^�3� � �C�

Sections

CODE
Size: - Virtual size: 574KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX2
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ef145507a6ded53f6a1866d0d08e4ef

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

version

gdi32

ole32

comctl32

shell32

gdiplus

Exports

Exports

Sections

CODE Size: - Virtual size: 574KB

DATA Size: - Virtual size: 12KB

BSS Size: - Virtual size: 6KB

.idata Size: - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: - Virtual size: 24B

.UPX0 Size: - Virtual size: 36KB

.rsrc Size: 10KB - Virtual size: 2.1MB

.UPX1 Size: - Virtual size: 557KB

.UPX2 Size: 2.2MB - Virtual size: 2.2MB

.reloc Size: 512B - Virtual size: 372B

CODE
Size: - Virtual size: 574KB

DATA
Size: - Virtual size: 12KB

BSS
Size: - Virtual size: 6KB

.idata
Size: - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: - Virtual size: 24B

.UPX0
Size: - Virtual size: 36KB

.rsrc
Size: 10KB - Virtual size: 2.1MB

.UPX1
Size: - Virtual size: 557KB

.UPX2
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 512B - Virtual size: 372B