Behavioral task: behavioral1
Sample: be6ab7649871fc2173bdb2b4ad9b27d0_JaffaCakes118.exe
Resource: win7-20240729-en
General
Target: be6ab7649871fc2173bdb2b4ad9b27d0_JaffaCakes118
Size: 144KB
MD5: be6ab7649871fc2173bdb2b4ad9b27d0
SHA1: 598cdcb6469da36331393d82ae47a59cc245047f
SHA256: a34dd30894b77194c969cae90fba66ca7d4e39b944416c9f1efc08880d1dfc23
SHA512: b6358e589d04d0a8b8c17906b4a4dc1f51a9e09740bdfc66e5b8c4fbfa1cdc2d4c9119db56151285b901e124bfce4088f457cec41006c0037941564b5d38bbf2
SSDEEP: 1536:sU5L6dSVnvRc5P70YGPiTaey0SZEsGO6Dc/vLhVlDVJwGqZBPFjenb+5H6r5:sWL9G4YLFin5/v1ovzFKW6N
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource be6ab7649871fc2173bdb2b4ad9b27d0_JaffaCakes118
Files
be6ab7649871fc2173bdb2b4ad9b27d0_JaffaCakes118.exe windows:4 windows x86 arch:x86
a65cc75e156597ed9248820d1e9e0656
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetStringTypeW
IsBadCodePtr
IsBadReadPtr
VirtualQuery
GetSystemInfo
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
GetStringTypeA
CreateProcessA
VirtualProtect
GetCPInfo
GetOEMCP
GetACP
SetUnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
SetFilePointer
SetStdHandle
GetFileAttributesA
IsBadWritePtr
HeapReAlloc
GetModuleHandleA
CreateThread
ExitProcess
GetVersion
CloseHandle
CreateMutexA
OpenMutexA
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetVersionExA
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
ExitThread
HeapFree
Sleep
HeapAlloc
GetProcessHeap
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FreeConsole
InitializeCriticalSection
ReadFile
DeleteFileA
DeleteCriticalSection
WriteFile
CreateFileA
TerminateProcess
GetExitCodeProcess
SetCurrentDirectoryA
GetStartupInfoA
PeekNamedPipe
GlobalAlloc
CreatePipe
FreeLibrary
OpenProcess
GetLastError
lstrcmpiA
WideCharToMultiByte
LocalFree
GetTickCount
lstrlenA
GetCurrentProcess
GetTempPathA
GetSystemTimeAsFileTime
RtlUnwind
GetCommandLineA
RaiseException
QueryPerformanceCounter
TlsFree
SetLastError
TlsSetValue
TlsGetValue
TlsAlloc
GetTimeZoneInformation
FlushFileBuffers
VirtualAlloc
advapi32
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
IsTextUnicode
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
OpenProcessToken
oleaut32
shell32
ShellExecuteA
SHGetSpecialFolderPathA
urlmon
URLDownloadToFileA
user32
DispatchMessageA
TranslateMessage
GetMessageA
SetTimer
wsprintfA
ExitWindowsEx
FindWindowA
SendMessageA
PostMessageA
KillTimer
wininet
InternetGetConnectedState
ws2_32
WSASocketA
WSAAccept
Sections
UPX0 Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE