d0bb7c7087e65ef885a707e3c01b2fb1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d0bb7c7087e65ef885a707e3c01b2fb1_JaffaCakes118
Size

57KB
MD5

d0bb7c7087e65ef885a707e3c01b2fb1
SHA1

67212d49c0ac8cb8627918f6fe47cd1ac850e396
SHA256

a5d3f61c0b3f9034a48a422002b5bd64317c1f9d621f2414b1798bf73f7b978b
SHA512

b45046458585640483f5ea8465fbc2cf704648c10c6d183b897909a52079c642999da55a416de069583dcbb71f33d3c61d65819d8677a116d417f57f6670519e
SSDEEP

768:Y/ZgEaaynC7FXHTAN3p+qZ442dbF4ggXClV1oZpSTlv0b+oVw+ac+SxpDER8IAD2:YR6ay+DNqZCGggytlSbVYc+WyR8jD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d0bb7c7087e65ef885a707e3c01b2fb1_JaffaCakes118

Files

d0bb7c7087e65ef885a707e3c01b2fb1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

57de8a5fcd381e96cc5afb1c9ccb6e9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
VirtualFreeEx
CreateProcessA
ReadFile
FlushFileBuffers
GetLongPathNameA
GetTempFileNameA
GetWindowsDirectoryA
GlobalAlloc
GetModuleFileNameA
FatalExit
_lopen
CloseHandle
GetTempPathA
WriteProcessMemory
GetTickCount
ConnectNamedPipe
SetCommMask
GetConsoleCP
WaitForSingleObject
_lwrite
EnumCalendarInfoA
GetFileType
OpenFile
VirtualProtect

user32

GetProcessWindowStation
wsprintfA
EnumWindows
CreateIcon
DrawIconEx
GetSystemMetrics
FlashWindow
MsgWaitForMultipleObjectsEx
ChangeClipboardChain
DrawStateW
GetUpdateRect

gdi32

Chord
CopyMetaFileW
GetDeviceGammaRamp
DeleteColorSpace
CombineTransform
CopyEnhMetaFileA

ws2_32

htonl
WSAStartup
connect
htons
bind
socket
closesocket
gethostbyname
send
recv

shlwapi

StrStrIA

iphlpapi

GetAdaptersInfo

msvcrt

memset
memcpy

Sections

.text
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 378B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE

.UPX2
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57de8a5fcd381e96cc5afb1c9ccb6e9f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

shlwapi

iphlpapi

msvcrt

Sections

.text Size: - Virtual size: 2KB

.rdata Size: - Virtual size: 17KB

.data Size: - Virtual size: 16B

.UPX0 Size: - Virtual size: 378B

.UPX1 Size: - Virtual size: 47KB

.UPX2 Size: 56KB - Virtual size: 55KB

.reloc Size: 512B - Virtual size: 76B

.text
Size: - Virtual size: 2KB

.rdata
Size: - Virtual size: 17KB

.data
Size: - Virtual size: 16B

.UPX0
Size: - Virtual size: 378B

.UPX1
Size: - Virtual size: 47KB

.UPX2
Size: 56KB - Virtual size: 55KB

.reloc
Size: 512B - Virtual size: 76B