cfd5cb943aac2a4a28216b731999636e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

cfd5cb943aac2a4a28216b731999636e_JaffaCakes118
Size

2.2MB
MD5

cfd5cb943aac2a4a28216b731999636e
SHA1

9c65f2cec6763f50c6a5955f611f739dd5ca35a9
SHA256

5d72ad73e82b23e6f1a39311f6b2b92de8823307b82186c1d3fbb3de824eb325
SHA512

5ca995f546bf45a3b46d8d0994e053b6d64663fefc91c044ff441b9010aa80eb470bc9ab2b356dc06ab128545eca61335987c6dc38aebfbebc5c3055404d72f9
SSDEEP

49152:gpujuRNyNE0gesEdZEnOZ965/Zg/kCjG9M0nIW0f3RaOP2l7c/oAtyd:gp1R0sYEnOeu/m9gBaO67c/J

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cfd5cb943aac2a4a28216b731999636e_JaffaCakes118

Files

cfd5cb943aac2a4a28216b731999636e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54ad2afcb13804885373a579a5c43b41

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

midiOutUnprepareHeader

ws2_32

WSAAsyncSelect

rasapi32

RasGetConnectStatusA

kernel32

GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

SetMenuItemBitmaps
MessageBoxA

gdi32

GetDeviceCaps

winspool.drv

OpenPrinterA

advapi32

RegQueryValueA

shell32

ShellExecuteA

ole32

CLSIDFromProgID

oleaut32

SafeArrayGetElemsize

comctl32

_TrackMouseEvent

oledlg

ord8

wininet

HttpQueryInfoA

comdlg32

GetSaveFileNameA

Sections

.text
Size: - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 401KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54ad2afcb13804885373a579a5c43b41

Headers

File Characteristics

Imports

winmm

ws2_32

rasapi32

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

wininet

comdlg32

Sections

.text Size: - Virtual size: 573KB

.rdata Size: - Virtual size: 1.8MB

.data Size: - Virtual size: 286KB

.rsrc Size: 12KB - Virtual size: 69KB

.UPX0 Size: - Virtual size: 401KB

.UPX1 Size: 2.1MB - Virtual size: 2.1MB

.reloc Size: 4KB - Virtual size: 116B

.text
Size: - Virtual size: 573KB

.rdata
Size: - Virtual size: 1.8MB

.data
Size: - Virtual size: 286KB

.rsrc
Size: 12KB - Virtual size: 69KB

.UPX0
Size: - Virtual size: 401KB

.UPX1
Size: 2.1MB - Virtual size: 2.1MB

.reloc
Size: 4KB - Virtual size: 116B