cfb14f9042e2ead6faa1e945e8d2328c_JaffaCakes118

General

Target

cfb14f9042e2ead6faa1e945e8d2328c_JaffaCakes118
Size

67KB
MD5

cfb14f9042e2ead6faa1e945e8d2328c
SHA1

86beaf2488c1c74394004d4dbf6948495bbd884b
SHA256

034e2c8cbe9cc7048dfd2b96f57d3a34df23cb21e1e9801d0f1089611bef9738
SHA512

6b7836e8f84f7bc247cd0553e904de66f061a1b6ad4a5879479afdceb91e9432fa18b24dfb1f4d31c0ec378b06d2af657521dca08f3fef33d09f26e7cc1b1e6a
SSDEEP

768:H6C6ub6RCj9fQRMobD3gYxvuddrbBhWcLtG7qR:H6CgCj9frFYxvuddrbPn3R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfb14f9042e2ead6faa1e945e8d2328c_JaffaCakes118

Files

cfb14f9042e2ead6faa1e945e8d2328c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e484e4100305a01fc73f47c024a30b2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
TerminateProcess
Sleep
GetProcAddress
CreateProcessA
GetVersionExA
GetCurrentProcess
HeapFree
CreateThread
GetEnvironmentVariableW
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
CloseHandle
ReadProcessMemory
GetSystemInfo
OpenProcess
GetWindowsDirectoryA
FreeLibrary
HeapAlloc
GetProcessHeap
WideCharToMultiByte
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
ExitProcess
GetLastError
GetFileAttributesA
MultiByteToWideChar
GetSystemDirectoryA
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
WriteFile
GetExitCodeProcess
WaitForSingleObject
VirtualAlloc
SetStdHandle
FlushFileBuffers
CreateFileA
GetStringTypeA
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointer
SetEndOfFile
ReadFile
HeapReAlloc

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

Sections

UPX0
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7e484e4100305a01fc73f47c024a30b2

Headers

File Characteristics

Imports

kernel32

advapi32

Sections

UPX0 Size: 64KB - Virtual size: 64KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 64KB - Virtual size: 64KB

.avp
Size: 2KB - Virtual size: 4KB