a7b8bc33e36bc5847afd78bd0a177a84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a7b8bc33e36bc5847afd78bd0a177a84_JaffaCakes118
Size

140KB
MD5

a7b8bc33e36bc5847afd78bd0a177a84
SHA1

d11252a82468987ffbdbb161bf158c53e0339097
SHA256

c5599cbee53fae488c3c0e211397456a6f94be8376a760bd8fd810c45949c4b2
SHA512

1d346805abc42232e948185c6d88f26bd6a76812b6590cc76371666bfa9914c6ca1901038f31a07eacf785967f604083344ab36fe9ea76161079bbe36b94ca27
SSDEEP

3072:XSIWG9rxJ8ltlpxP+mx/1Wf0WaonyoHLJdsgJr3uNhTUjfS8N:XAG9s+mx/1M0WakyoHL4Cr3uNlcfr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a7b8bc33e36bc5847afd78bd0a177a84_JaffaCakes118

Files

a7b8bc33e36bc5847afd78bd0a177a84_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ecc7da4e4021bb33b064ecc22ef77f31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
MapViewOfFileEx
CreateFileMappingA
CreateFileA
DeleteFileA
SetFileAttributesA
LocalFree
LocalAlloc
WriteFile
SetFilePointer
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
GetFileAttributesA
GetComputerNameA
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
SetLastError
LoadResource
CloseHandle
GetModuleFileNameA
UnmapViewOfFile
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCPInfo
SetStdHandle
GetOEMCP
GetACP
GetSystemInfo
VirtualProtect
Sleep
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InterlockedExchange
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA

user32

LoadStringA

ntdll

RtlTimeToTimeFields
NtQuerySystemTime
RtlSystemTimeToLocalTime
RtlUnwind

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ecc7da4e4021bb33b064ecc22ef77f31

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

ntdll

version

Sections

.text Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 9KB

.rsrc Size: 3KB - Virtual size: 2KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 9KB

.rsrc
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 104KB - Virtual size: 252KB