baf8e6cd5b2e3f7d66274426612daffd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

baf8e6cd5b2e3f7d66274426612daffd_JaffaCakes118
Size

261KB
MD5

baf8e6cd5b2e3f7d66274426612daffd
SHA1

c027fa212b4332f711ad9265a0a789567606cc44
SHA256

0c7de2c4548a7db46916912a9438c9c03241df6aa77de1383a03bbf0496e10ff
SHA512

289f222b3b78554b5de88c6cd31e4cc97b7b8793a8914ab01e001970f78400448bae568553fb924e3736695c7f231263f8ef68756583ce269b5f1a9860aa0689
SSDEEP

6144:BayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:9Cua88SEjbEwvpZBZQfZhh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
baf8e6cd5b2e3f7d66274426612daffd_JaffaCakes118

Files

baf8e6cd5b2e3f7d66274426612daffd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

shell32

SHGetFolderPathA

msasn1

ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX

msident

DllGetClassObject

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 86KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxVhJ
Size: 4KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 131KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msasn1

msident

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 4KB

.edata Size: 86KB - Virtual size: 134KB

.gxVhJ Size: 4KB - Virtual size: 943KB

.data Size: 8KB - Virtual size: 255KB

.edata Size: 131KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX1
Size: 7KB - Virtual size: 7KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 4KB

.edata
Size: 86KB - Virtual size: 134KB

.gxVhJ
Size: 4KB - Virtual size: 943KB

.data
Size: 8KB - Virtual size: 255KB

.edata
Size: 131KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 2KB