af2e0a20a1d9727d4debbea702a098a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af2e0a20a1d9727d4debbea702a098a1_JaffaCakes118
Size

178KB
MD5

af2e0a20a1d9727d4debbea702a098a1
SHA1

94358a7c9abdc4d5e80a7fba7a1841aaaeccab27
SHA256

63fe260d40a45236389c94528fc6abcc6cc755948488987465a422d6d0824ae8
SHA512

b807076ef773691ffb27b2075b3730489cba8189c8ec29758d9194cdbd0a5c8916cded3f8eaccaf3d890ec8d5f1df4d5e378709504e371b15e82ccf85c0036df
SSDEEP

3072:AvcjAgHWyjLHnaNfow+Or46b3wxSWmZzWovy2D8wuntn/6jQepBc3LbwugPD:AvcEAjLrwhramZzHQ/B/6Tc3g/D

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af2e0a20a1d9727d4debbea702a098a1_JaffaCakes118

Files

af2e0a20a1d9727d4debbea702a098a1_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4b2fcad000a6a13135e56d62db0a565e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sfc.pdb

Imports

advapi32

FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

InterlockedDecrement
CloseHandle
HeapSetInformation
Sleep
SetThreadPriority
GetThreadPriority
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetSystemInfo
GetLastError
SystemTimeToFileTime
GetLocalTime
HeapAlloc
GetProcessHeap
FileTimeToSystemTime
InterlockedIncrement
GetDiskFreeSpaceExW
FreeLibrary
LoadLibraryW
GetFileTime
CreateFileW
CreateFileMappingW
GetFileSizeEx
LocaleNameToLCID
GetModuleFileNameW
GetUserDefaultUILanguage
GetProductInfo
GetVersionExW
UnmapViewOfFile
MapViewOfFile
SetEvent
WaitForSingleObject
QueueUserWorkItem
CreateEventW
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleW
GetProcAddress
GetConsoleOutputCP
FormatMessageW
LocalFree
CompareFileTime
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcmpiW
GetWindowsDirectoryW
lstrlenW

msvcrt

_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
?terminate@@YAXXZ
_controlfp
__wgetmainargs
exit
wcsrchr
strstr
_strnicmp
strtok
strtoul
atoi
memcpy
wcstoul
memset
mbstowcs
wcschr
wcsstr
wcstok
_XcptFilter
_exit
_cexit
swscanf
_wtof
_wcsnicmp
_wcsicmp
??2@YAPAXI@Z
_ftol2
??3@YAXPAX@Z
_wsetlocale
_snwprintf_s
printf
_getmbcp
_vsnwprintf

ntdll

RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
RtlExpandEnvironmentStrings_U
RtlInitAnsiString

ole32

CoGetMalloc
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

powrprof

PowerDeterminePlatformRole

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b2fcad000a6a13135e56d62db0a565e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ntdll

ole32

oleaut32

version

powrprof

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: 144KB - Virtual size: 380KB