bd9c8379e9e699a90421938415caa5f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd9c8379e9e699a90421938415caa5f7_JaffaCakes118
Size

288KB
MD5

bd9c8379e9e699a90421938415caa5f7
SHA1

c44254a2c3d0270fec0daa9743f9d769eaa78442
SHA256

65af2fbba4dec6242558e6d5dbdec741f198de46a249c692cd13422343c1a11a
SHA512

6e6a8e7a7548ae70eb9f149b1eeae3bd4089942f0ce3eeeeda263a68c63d386453de286f3ac9a4f7db8f7eb953a373d322712aff4747b5de111383af1bdea0d0
SSDEEP

6144:9GApTvoNQ/JyRpYrCSRrCcCInKF/h1sIC9M/auOoE+38ZlPgvqr3IKJR6x8YcQxj:8ApTvorRpYB+BQKsTmOZEex6g3Xc2YcU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd9c8379e9e699a90421938415caa5f7_JaffaCakes118

Files

bd9c8379e9e699a90421938415caa5f7_JaffaCakes118
.exe windows:6 windows x86 arch:x86

94c75f6d45facbef4c39866420a3bd28

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

CompMgmtLauncher.pdb

Imports

kernel32

CloseHandle
GetLastError
GetVersionExW
FlushFileBuffers
CreateFileA
VirtualQuery
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
InitializeCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
VirtualProtect
GetSystemInfo

ntdll

RtlUnwind

shell32

ShellExecuteExW
SHGetKnownFolderPath

ole32

CoTaskMemFree

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

94c75f6d45facbef4c39866420a3bd28

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

ntdll

shell32

ole32

Sections

.text Size: 44KB - Virtual size: 44KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 90KB - Virtual size: 90KB

.reloc Size: 4KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 44KB - Virtual size: 44KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB