cf6a6b66c3c2fa77a515ec8adacd6617_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf6a6b66c3c2fa77a515ec8adacd6617_JaffaCakes118
Size

83KB
MD5

cf6a6b66c3c2fa77a515ec8adacd6617
SHA1

67a11fe60d1818401969957903b8c9431fad84e8
SHA256

f3fe21fb133f3a39592cbbe63ff0298ee150c087b3251d12ccbc3418507e794f
SHA512

ea8078e6ab4e54ba12b60e2ef93c723862be4ecd78ae6b59ad5c8990fbd19671deebee120fafe5bcf11958bfe8f11b765419a1d40b676a979b674dceedae1aea
SSDEEP

1536:3wDujmFH2TtGTmjlPczLa3XE5Z4170eSRBN3n:3wDujJwa3sZMtSXN3n

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf6a6b66c3c2fa77a515ec8adacd6617_JaffaCakes118

Files

cf6a6b66c3c2fa77a515ec8adacd6617_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

baafacf1b2c39aef7c5437e734a09468

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
SetEnvironmentVariableA
CompareStringW
CompareStringA
WideCharToMultiByte
lstrlenW
GetTempPathA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
MultiByteToWideChar
lstrlenA
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
GetLastError
CloseHandle
WriteFile
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA

ole32

CoCreateInstance

oleaut32

shell32

ShellExecuteA

user32

CharNextA
MessageBoxA

wininet

InternetCloseHandle
InternetOpenA
InternetOpenUrlA
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

baafacf1b2c39aef7c5437e734a09468

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

shell32

user32

wininet

Exports

Exports

Sections

UPX0 Size: 76KB - Virtual size: 76KB

.rsrc Size: 4KB - Virtual size: 4KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 76KB - Virtual size: 76KB

.rsrc
Size: 4KB - Virtual size: 4KB

.avp
Size: 2KB - Virtual size: 4KB