ceb36f715d6422a30293a0a939559553_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ceb36f715d6422a30293a0a939559553_JaffaCakes118
Size

500KB
MD5

ceb36f715d6422a30293a0a939559553
SHA1

02dd6aec324a8402ded3e819a49b0dd86c96a35e
SHA256

0ff4850ca2b81ef014c14b3f7adc63d7d036b3ff6ebd05397ca4174f43c5c51c
SHA512

b630aebfb0ef7d9e92115ffb2ce3f213c95794cc51621bda85afa3e9cbdc1364cd249cff35ee5397727b7ee7a3cb89d7ea204f15bb414cb2d7220b04caf444f7
SSDEEP

12288:KFkUSs2pcKhoOj1HU/CmxdRBkDOkv1ribIIEVXI:KFkUR2phGx/BkSkR8zEdI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceb36f715d6422a30293a0a939559553_JaffaCakes118

Files

ceb36f715d6422a30293a0a939559553_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d245f4db6ff599338a1725d6bd1996f4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3173
ord1997
ord2773
ord2762
ord4053
ord4210
ord3006
ord3005
ord3300
ord3299
ord3306
ord3305
ord3557
ord3183
ord3180
ord3612
ord356
ord668
ord5568
ord2914
ord3658
ord5446
ord5436
ord6379
ord6390
ord1834
ord4237
ord5996
ord2109
ord4451
ord5977
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord927
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord348
ord561
ord663
ord2613
ord1131
ord1165
ord1105
ord5647
ord3122
ord3611
ord1971
ord2795
ord6381
ord5180
ord665
ord350
ord354
ord3806
ord2813
ord2755
ord859
ord5462
ord2912
ord1989
ord2800
ord964
ord6313
ord4177
ord6388
ord5444
ord3313
ord6006
ord5774
ord2598
ord5188
ord3175
ord3178
ord3171
ord3506
ord3719
ord798
ord5852
ord533
ord536
ord6403
ord1560
ord268
ord5461
ord5679
ord940
ord4197
ord922
ord2756
ord942
ord3176
ord5706
ord925
ord1972
ord823
ord858
ord4124
ord861
ord535
ord540
ord537
ord2810
ord800
ord538
ord470
ord755
ord4270
ord825
ord4418
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord1089
ord1569

msvcrt

_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
swprintf
wcscpy
_ltow
_wfullpath
wcsrchr
wcscmp
wcsstr
_wcsicmp

kernel32

GetLastError
CreateFileW
CloseHandle
GetTickCount
ResetEvent
SetEvent
GetModuleFileNameW
LockFile
GetFileSize
DeleteFileW
SizeofResource
LockResource
GetDriveTypeW
FindResourceW
GetSystemDirectoryW
WaitForSingleObject
CreateProcessW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GlobalAlloc
GetVersionExW
GetModuleHandleW
GetStartupInfoW
MultiByteToWideChar
ReadFile
GetVolumeInformationW
GetDiskFreeSpaceExW
SetLastError
FindFirstFileW
GetProcAddress
LoadLibraryW
LoadResource
GlobalFree
FreeLibrary

user32

wvsprintfW

advapi32

ControlService
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 312KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d245f4db6ff599338a1725d6bd1996f4

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

version

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 312KB - Virtual size: 310KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 312KB - Virtual size: 310KB

UPX0
Size: 144KB - Virtual size: 380KB