c8234e4b4140ec42cf14fbb4e664f1f1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8234e4b4140ec42cf14fbb4e664f1f1_JaffaCakes118
Size

275KB
MD5

c8234e4b4140ec42cf14fbb4e664f1f1
SHA1

7c863d32672ed9d9b60b3d23d7be3b4213536fc1
SHA256

89c8801a698ad94f29653ef44fffec999b1bec9f4a43e6cf549b1b0500ede172
SHA512

5a26813c5130dfc514bf8bb4aec783a88d341c935509da83f5fad9951ce3c217962a6e886e35a9ec86f9b7e1609027ae2726f5a67b3278389575899873778b83
SSDEEP

3072:UlnVltjYHSdUH/krZSjz61lSAlXer8u4V4FrdXVx2rnzDTaSuFXM2MblGi9F6e7E:CYi9rkjWJduqyFKrzDTaQ2KlGiX76j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8234e4b4140ec42cf14fbb4e664f1f1_JaffaCakes118

Files

c8234e4b4140ec42cf14fbb4e664f1f1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

getsockopt
inet_ntoa
__WSAFDIsSet
bind
WSAGetLastError
getsockname
gethostbyname
listen
ntohs
connect
htons
socket
recv
send
select
WSAStartup
closesocket

kernel32

GetFullPathNameA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetVersion
InitializeCriticalSection
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetLastError
HeapCreate
MultiByteToWideChar
GetCurrentThreadId
TlsAlloc
GetStringTypeA
GetStringTypeW
RaiseException
GetModuleFileNameA
GetOEMCP
GetEnvironmentStringsW
GetCPInfo
GetACP
GetLocalTime
GetProcAddress

loadperf

InstallPerfDllA
UpdatePerfNameFilesA
BackupPerfRegistryToFileW

wshtcpip

WSHSetSocketInformation
WSHAddressToString

Sections

UPX1
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fCVqJZ
Size: 1024B - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 95KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cb
Size: 2KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 121KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.i
Size: 1024B - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wr
Size: 1KB - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e115be65e2e0e54ef485d7c1844f0d0a

Headers

File Characteristics

Imports

wsock32

kernel32

loadperf

wshtcpip

Sections

UPX1 Size: 3KB - Virtual size: 3KB

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 1KB - Virtual size: 9KB

.fCVqJZ Size: 1024B - Virtual size: 121KB

.edata Size: 95KB - Virtual size: 150KB

.cb Size: 2KB - Virtual size: 118KB

.data Size: 8KB - Virtual size: 338KB

.edata Size: 121KB - Virtual size: 146KB

.i Size: 1024B - Virtual size: 138KB

.wr Size: 1KB - Virtual size: 281KB

.rsrc Size: 25KB - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1KB - Virtual size: 9KB

.fCVqJZ
Size: 1024B - Virtual size: 121KB

.edata
Size: 95KB - Virtual size: 150KB

.cb
Size: 2KB - Virtual size: 118KB

.data
Size: 8KB - Virtual size: 338KB

.edata
Size: 121KB - Virtual size: 146KB

.i
Size: 1024B - Virtual size: 138KB

.wr
Size: 1KB - Virtual size: 281KB

.rsrc
Size: 25KB - Virtual size: 24KB