bf98bf5cf293f3270433439ad32671d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bf98bf5cf293f3270433439ad32671d1_JaffaCakes118
Size

269KB
MD5

bf98bf5cf293f3270433439ad32671d1
SHA1

584fb96c2c8c3bcd0033db49b8cc782e598dbaf2
SHA256

a15ee7062146adda2a8642f2cd614c039d2deba6207a74f3504fcf9e8b0251e2
SHA512

9fd191d6a19313a9827a263c161118460ed187afeb63d9c2b9c4e5c00513140f0adf5614fd719e96eed20ab5ae296ab6197e62a6f44891f9a73f66e18101ca03
SSDEEP

6144:k/w8abEfC7QCAUtrj89/BskQkWTfZQ0/0cdmiRwxArDUn:k4K6LzHKcvTZQ0/0zJxQDU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bf98bf5cf293f3270433439ad32671d1_JaffaCakes118

Files

bf98bf5cf293f3270433439ad32671d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DuplicateHandle
InitializeCriticalSection
CreateMutexW
OpenMutexW
LocalFree
LocalAlloc
GetModuleHandleA
lstrcmpA
GetVersion
GetTickCount
GetModuleFileNameA
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
WaitForMultipleObjects
WaitForSingleObject
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateEventW
GetCurrentProcess
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
FreeLibrary
GetFileAttributesW
LoadLibraryW
GetCurrentThread
GetProcAddress

user32

PeekMessageW

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetDesktopFolder

msasn1

ASN1BEREncCheck
ASN1_GetDecoderOption
ASN1_CloseDecoder
ASN1BERDecSXVal
ASN1BERDecOpenType
ASN1BERDecZeroCharString
ASN1BEREncCharString
ASN1BERDecEndOfContents
ASN1BEREncS32
ASN1DecAlloc
ASN1_CloseEncoder
ASN1_Decode
ASN1objectidentifier2_cmp
ASN1_CloseModule
ASN1BERDecBool
ASN1BEREncRemoveZeroBits

fmifs

Extend

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.utL
Size: 3KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.x
Size: 2KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.REHKgI
Size: 512B - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 105KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 350KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.R
Size: 1024B - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 117KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.OoYrd
Size: 3KB - Virtual size: 485KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4452cf9d9e8e1d223a3daf8c60d11ba

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msasn1

fmifs

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.utL Size: 3KB - Virtual size: 279KB

.x Size: 2KB - Virtual size: 27KB

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 2KB - Virtual size: 31KB

.REHKgI Size: 512B - Virtual size: 47KB

.edata Size: 105KB - Virtual size: 171KB

.data Size: 7KB - Virtual size: 350KB

.R Size: 1024B - Virtual size: 139KB

.edata Size: 117KB - Virtual size: 139KB

.OoYrd Size: 3KB - Virtual size: 485KB

.rsrc Size: 1KB - Virtual size: 1KB

UPX1
Size: 7KB - Virtual size: 7KB

.utL
Size: 3KB - Virtual size: 279KB

.x
Size: 2KB - Virtual size: 27KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 2KB - Virtual size: 31KB

.REHKgI
Size: 512B - Virtual size: 47KB

.edata
Size: 105KB - Virtual size: 171KB

.data
Size: 7KB - Virtual size: 350KB

.R
Size: 1024B - Virtual size: 139KB

.edata
Size: 117KB - Virtual size: 139KB

.OoYrd
Size: 3KB - Virtual size: 485KB

.rsrc
Size: 1KB - Virtual size: 1KB