a4e65652caf153009e6bf2ee61824ab0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a4e65652caf153009e6bf2ee61824ab0_JaffaCakes118
Size

182KB
MD5

a4e65652caf153009e6bf2ee61824ab0
SHA1

2532278143d1ed09d7c85fb272b6733910a5a820
SHA256

38ce39d2ea7d4d1e5e2bbc43064c79080b93eaaee6680076dd61ba10be4bab24
SHA512

ef7f8fde529bb02862f016e19bbddf18cb5ca2a5b356897913b0635a72429f59433681d84cd3407bed21af889ecafa3c01df48a021f682480c63d3694e5ad0d7
SSDEEP

3072:TyyBbcGtC+uNd8r1GVfwgYv+IN01vQ3knHTyVfDsvFXye1VY3ZyoYsVkrdE6iZWu:9U5D8r1ekKNQ3kHeVfDsvFXyeHsZyoYa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4e65652caf153009e6bf2ee61824ab0_JaffaCakes118

Files

a4e65652caf153009e6bf2ee61824ab0_JaffaCakes118
.exe windows:5 windows x86 arch:x86

74e332e4c1209bc6ff4fc6d160e8919c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
_strupr
fwprintf
_iob
iswascii
atoi
atol
swprintf
_wctime
wprintf
wcslen
wcscpy
strchr
_fullpath
_strcmpi
_splitpath
_makepath
_getch
sprintf
exit
printf
_mbsnbcpy

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

kernel32

SetEvent
ReadFile
InterlockedIncrement
SetThreadAffinityMask
GetCurrentThread
GetSystemInfo
GetQueuedCompletionStatus
SetThreadPriorityBoost
VirtualFree
WaitForSingleObjectEx
CreateEventW
VirtualAlloc
GetFileSize
GetCurrentProcessId
GetComputerNameA
FreeLibrary
CreateThread
CreateIoCompletionPort
CreateFileW
MoveFileExA
GetProcAddress
LoadLibraryExA
GetLastError
FormatMessageA
GetTickCount
GetModuleHandleA
CopyFileA
MoveFileA
DeleteFileA
FormatMessageW
FindClose
FindFirstFileA
CloseHandle
GetCurrentProcess
MultiByteToWideChar
LocalFree
LocalAlloc
LoadLibraryA

user32

MessageBoxA

esent

JetDBUtilities
JetBackup
JetRestore2
JetEndSession
JetDetachDatabase
JetBeginSession
JetCompact
JetGetSystemParameter
JetSetSystemParameter
JetTerm2
JetInit2
JetInit
JetGetDatabaseFileInfo

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

74e332e4c1209bc6ff4fc6d160e8919c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

esent

Sections

.text Size: 35KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 1KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 35KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 1KB

UPX0
Size: 144KB - Virtual size: 380KB