a91b999afaef584f4b313f1276715a81_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a91b999afaef584f4b313f1276715a81_JaffaCakes118
Size

121KB
MD5

a91b999afaef584f4b313f1276715a81
SHA1

4ba9195f02ab1dcc5b25fae3b80e707aa6ee8ec5
SHA256

d9d70953a6bc1146f70591f54eb0ea6b5a1cfe1108a87a2d7242b3ab786d6c10
SHA512

c2439fb70a32d573d8f17dede4d7848ead60cbd22b86c3f996c1378c6ba75e170131eddaa655e59aa50b8793c7f2ef837fcf6620dafe66a77a80a7fda49364e0
SSDEEP

3072:wFDe8m5TU9UnFshF4KnOs9vLfhZRTxMJUbih1:YDfmOCFshFdHxFZuT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a91b999afaef584f4b313f1276715a81_JaffaCakes118

Files

a91b999afaef584f4b313f1276715a81_JaffaCakes118
.exe windows:5 windows x86 arch:x86

109cf7de0ef93aadd477da97c90a4625

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThread
ReadFile
Sleep
GetComputerNameW
ExpandEnvironmentStringsW
SetThreadPriority
SetPriorityClass
GetProcAddress
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
GetLastError
CreateDirectoryW
CreateFileW
CloseHandle
DeleteFileW
GetLocalTime
GetModuleHandleA
WriteFile

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__wgetmainargs
__winitenv
_controlfp
_cexit
_XcptFilter
_exit
_c_exit
wcslen
__setusermatherr
_vsnwprintf
free
exit
malloc

advapi32

RegCloseKey
DeregisterEventSource
ReportEventW
RegisterEventSourceW
OpenProcessToken
GetTokenInformation
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
OpenThreadToken

ntdll

RtlAllocateAndInitializeSid
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
RtlSetDaclSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlFreeSid
NtSetSecurityObject

netapi32

NetAlertRaiseEx

dbgeng

DebugCreate

faultrep

ReportEREvent

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

109cf7de0ef93aadd477da97c90a4625

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

ntdll

netapi32

dbgeng

faultrep

Sections

.text Size: 8KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 6KB

.rsrc Size: 3KB - Virtual size: 3KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 6KB

.rsrc
Size: 3KB - Virtual size: 3KB

.UPX0
Size: 108KB - Virtual size: 260KB