c15d2d6f097eb718479de51a74a212ec_JaffaCakes118

General

Target

c15d2d6f097eb718479de51a74a212ec_JaffaCakes118
Size

973KB
MD5

c15d2d6f097eb718479de51a74a212ec
SHA1

cc1a2401ff66cfca2c6a3993f8bc499fe45425ae
SHA256

4fd445a622132399b58f0bc7d65f695a627ea2f821abc544a18cd2c25f71ca34
SHA512

456a54f8c0d7d5f532b033036e1ac23b3f70230927fa406da715134a1aa109b8fe5bc4697933b511d03dc8756efc38f149f3fb7ce6a5cfbdcd9b6817c3c91466
SSDEEP

12288:WaniK5KpTdjqp0dcLJ1T9PClAitXhw0OEQiB4DOd6sYX5pNIQRLB:WaiK5KpTdi0AfsJh/EieOd6bXfSy

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c15d2d6f097eb718479de51a74a212ec_JaffaCakes118

Files

c15d2d6f097eb718479de51a74a212ec_JaffaCakes118
.exe windows:4 windows x86 arch:x86

937ea3945ca330b72eb9bff88d798ac0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter

msvcrt

_chsize
_close
_fileno
_fstat
_getcwd
_getpid
_open
_putenv
_read
_stat
_strdup
_unlink
_write
__getmainargs
__mb_cur_max
__p___argv
__p__environ
__p__fmode
__set_app_type
_cexit
_errno
_fileno
_iob
_isctype
_onexit
_pctype
_setjmp
_setmode
_vsnprintf
abort
atexit
atoi
calloc
exit
fclose
fflush
fgetc
fgets
floor
fmod
fopen
fprintf
fputc
fputs
fread
free
frexp
fseek
ftell
fwrite
getc
getenv
gmtime
isalnum
isalpha
isdigit
isspace
isupper
ldexp
localtime
log10
longjmp
malloc
memcmp
memcpy
memmove
memset
printf
putchar
puts
qsort
rand
realloc
rename
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strtod
strtol
time
tolower
toupper
vfprintf
vsprintf

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
getsockname
getsockopt
htons
ioctlsocket
listen
ntohs
recv
select
send
socket

Sections

.text
Size: 843KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

937ea3945ca330b72eb9bff88d798ac0

Headers

File Characteristics

Imports

kernel32

msvcrt

wsock32

Sections

.text Size: 843KB - Virtual size: 843KB

.data Size: 21KB - Virtual size: 21KB

.bss Size: - Virtual size: 69KB

.idata Size: 3KB - Virtual size: 2KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 843KB - Virtual size: 843KB

.data
Size: 21KB - Virtual size: 21KB

.bss
Size: - Virtual size: 69KB

.idata
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 104KB - Virtual size: 252KB