b2f8c459fde65db7152c70ed30beab2d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2f8c459fde65db7152c70ed30beab2d_JaffaCakes118
Size

58KB
MD5

b2f8c459fde65db7152c70ed30beab2d
SHA1

3b77926deaa34fac8f09c2c6a544da7ffa88d418
SHA256

20ad74df0f86f8b3dfc89340bf9e64600cbcdf6a0244388feb6014359592dc7a
SHA512

6c17f982558c938aa006fa835f367c4fa54d0c6b52c5a26fd9a5e8e803f41adf016a2291186aa92af46bd2dc61d0bac4680ac96673692ad23716a0b360b7a499
SSDEEP

1536:BMhmdkLTcG592/Ccvcd2pjJuNmxM3Y/lM:BUokLTcGr2/CcNpj3xM3YlM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2f8c459fde65db7152c70ed30beab2d_JaffaCakes118

Files

b2f8c459fde65db7152c70ed30beab2d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

27eac643b5cdc8a66d5c497b14ba29e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
GetCurrentProcess
QueryPerformanceCounter
InitializeCriticalSection
SetErrorMode
GetLastError
RemoveDirectoryW
GetVolumeInformationW
LoadLibraryW
FreeLibrary
Sleep
CreateDirectoryW
CreateMutexA
VirtualAllocEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

loadperf

UpdatePerfNameFilesW
UnloadPerfCounterTextStringsA

user32

SetWindowTextW
LoadImageA
LoadMenuW
DialogBoxIndirectParamA
CopyRect
PostQuitMessage
GetMenuItemInfoW
ActivateKeyboardLayout
LoadImageW
ShowCursor
LoadMenuIndirectA
MonitorFromRect
EnumClipboardFormats
SetCursorPos
InvalidateRect
RegisterClassA
WaitMessage
PeekMessageW
GetScrollPos
OffsetRect
DialogBoxIndirectParamW
GetDlgItemTextW
EnableWindow

colbact

DllRegisterServer

Sections

UPX0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.C
Size: 1024B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pMTqU
Size: 4KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.Dnhw
Size: 2KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 10KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.KjNq
Size: 2KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 10KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27eac643b5cdc8a66d5c497b14ba29e1

Headers

File Characteristics

Imports

kernel32

version

advapi32

loadperf

user32

colbact

Sections

UPX0 Size: 5KB - Virtual size: 5KB

.text Size: 12KB - Virtual size: 11KB

.C Size: 1024B - Virtual size: 80KB

.pMTqU Size: 4KB - Virtual size: 62KB

.rdata Size: 2KB - Virtual size: 12KB

.Dnhw Size: 2KB - Virtual size: 296KB

.edata Size: 10KB - Virtual size: 59KB

.KjNq Size: 2KB - Virtual size: 318KB

.data Size: 6KB - Virtual size: 290KB

.edata Size: 10KB - Virtual size: 41KB

.rsrc Size: 2KB - Virtual size: 1KB

UPX0
Size: 5KB - Virtual size: 5KB

.text
Size: 12KB - Virtual size: 11KB

.C
Size: 1024B - Virtual size: 80KB

.pMTqU
Size: 4KB - Virtual size: 62KB

.rdata
Size: 2KB - Virtual size: 12KB

.Dnhw
Size: 2KB - Virtual size: 296KB

.edata
Size: 10KB - Virtual size: 59KB

.KjNq
Size: 2KB - Virtual size: 318KB

.data
Size: 6KB - Virtual size: 290KB

.edata
Size: 10KB - Virtual size: 41KB

.rsrc
Size: 2KB - Virtual size: 1KB