a26856264a6b2234047102636a19b7fc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a26856264a6b2234047102636a19b7fc_JaffaCakes118
Size

67KB
MD5

a26856264a6b2234047102636a19b7fc
SHA1

e334f8746d377e9143154a33bd53455e4c512dd8
SHA256

3e8b46b3929e1b544bdbefb5053daea17ed9e0eeb5e235e8c3153f0e4857bc80
SHA512

9134d0eef05c75d9ce722705c97e3ee6884142132eba6b95e98114c9cf371cbeea1e58ac013de419ca236a7358e113c72913932c9c46a3a0b159379a06cb321f
SSDEEP

768:ZmclDhRbs7UyDtBvF7un11PA2DkuCk/WGQ3QgBEYcQkQ9Y13ECgHnn97A:ZZ/bs7UyxBvF7QJEIWH3+pQkQ9i3EC+0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a26856264a6b2234047102636a19b7fc_JaffaCakes118

Files

a26856264a6b2234047102636a19b7fc_JaffaCakes118
.exe windows:1 windows x86 arch:x86

20c2e0f9744b1edc8f2b8c652f337cc8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetComputerNameA
GetCurrentDirectoryA
GetCurrentProcess
GetCurrentProcessId
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetProcessHeap
GetTickCount
GetVersionExA
LoadLibraryA
MapViewOfFile
OpenProcess
CreateEventA
PeekNamedPipe
QueryPerformanceCounter
QueryPerformanceFrequency
ReadFile
RtlUnwind
RtlZeroMemory
SetEvent
SetFileAttributesA
Sleep
TerminateProcess
TerminateThread
UnmapViewOfFile
CreatePipe
WaitForMultipleObjects
CreateProcessA
WaitForSingleObject
WriteFile
CreateThread
DeleteFileA
DeviceIoControl
DisconnectNamedPipe
DuplicateHandle

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenEventLogA
OpenProcessToken
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterServiceCtrlHandlerA
ClearEventLogA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA
CloseEventLog
CloseServiceHandle
ControlService
CreateServiceA
DeleteService

crtdll

_itoa
__GetMainArgs
_open
_strcmpi
_strnicmp
_strupr
toupper
_write
atoi
exit
free
malloc
mbstowcs
memcpy
memset
printf
raise
signal
sprintf
sscanf
strcat
strcmp
strcpy
strlen
strstr
strtok
_close

netapi32

NetUserSetInfo

psapi

EnumProcessModules
GetModuleFileNameExA

user32

ExitWindowsEx

wininet

InternetGetConnectedState

wsock32

WSACleanup
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getservbyname
htonl
htons
inet_addr
inet_ntoa
listen
recv
send
socket

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20c2e0f9744b1edc8f2b8c652f337cc8

Headers

File Characteristics

Imports

kernel32

advapi32

crtdll

netapi32

psapi

user32

wininet

wsock32

Sections

UPX0 Size: 64KB - Virtual size: 64KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 64KB - Virtual size: 64KB

.avp
Size: 2KB - Virtual size: 4KB