a94349ed04a9c2ef944c46a667c08aa4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a94349ed04a9c2ef944c46a667c08aa4_JaffaCakes118
Size

200KB
MD5

a94349ed04a9c2ef944c46a667c08aa4
SHA1

dba2da3536ee02a6954ec2d836e908e28eea5bde
SHA256

ad8ce3db2b835f5a87df897d8a8d24f5f3f6dfc0c1399e68e3dd19131521c0af
SHA512

e2c4e7731c5df3ae9aa89567a6417ebcd90334b7761cfde4d095820cf08382d7591dc742c072ef6c38d1f9096f317039c977187ce89fb591beead17da7fd707b
SSDEEP

3072:TleK7ZAO1lAglct86rXo1OxPjQQrHuBt8j1Q1dar97cInu/4nzvmD:TNZAtglctf8QiPVcri4g

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a94349ed04a9c2ef944c46a667c08aa4_JaffaCakes118

Files

a94349ed04a9c2ef944c46a667c08aa4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

903eb72a43f9e8a57ab1bdc6975f40d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemTime
GetConsoleScreenBufferInfo
GetStdHandle
SetConsoleCtrlHandler
GetEnvironmentVariableA
IsDBCSLeadByte
SetConsoleMode
GetConsoleMode
ExitProcess
LocalFree
FormatMessageA
GetLastError
WriteFile
GetCurrentProcess
RtlUnwind
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
SetFilePointer
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
CreateFileA
SetStdHandle
LCMapStringW
LCMapStringA
RaiseException
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
CloseHandle
GetProcAddress
VirtualAlloc
GetFileAttributesA
FlushFileBuffers
SetHandleCount
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetFileType
GetCommandLineA
GetVersion
GetTimeZoneInformation
Sleep
GetLocalTime
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
GetModuleFileNameA
DuplicateHandle
WriteConsoleA
DeleteFileA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW

user32

CharToOemA

ntwdblib

ord74
ord160
ord157
ord23
ord94
ord29
ord28
ord24
ord31
ord51
ord43
ord48
ord71
ord159
ord70
ord75
ord58
ord93
ord76
ord66
ord53
ord34
ord17
ord78
ord64
ord11
ord77
ord18
ord124
ord129
ord121
ord25
ord49
ord30
ord32

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

903eb72a43f9e8a57ab1bdc6975f40d7

Headers

File Characteristics

Imports

kernel32

user32

ntwdblib

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 23KB

.rsrc Size: 4KB - Virtual size: 1KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 23KB

.rsrc
Size: 4KB - Virtual size: 1KB

.UPX0
Size: 104KB - Virtual size: 252KB