d53b674318c9a48a91380efa6892158c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d53b674318c9a48a91380efa6892158c_JaffaCakes118
Size

272KB
MD5

d53b674318c9a48a91380efa6892158c
SHA1

ec1fdc547bd28300412b26205ed0f28782f3d23d
SHA256

afe80258369e0a73d9d4aaa2f31635426c3d591da0b0bd76a1a8681a633afcca
SHA512

3974d11d3cb3ff3b09876a897688dcc90673ed77d5b2857b2376ef32dc3e0ed31c4b358a46995fdb83f829aed4e6c6299cf60606faa5943bf1c21aefe9d670bf
SSDEEP

6144:MdWnKY6HVXDFxWZsAfn0LfzRUBPGwsYfdZYkWX9WKpTx2:MYVKAre9DTx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d53b674318c9a48a91380efa6892158c_JaffaCakes118

Files

d53b674318c9a48a91380efa6892158c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7858668a171c4dad5973b1cf2ca0ed39

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetThreadLocale
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
DeleteFileA
FindFirstFileA
FindClose
WideCharToMultiByte
GlobalAlloc
GetTimeZoneInformation
GetFileType
CreateFileA
ExitProcess
GetACP
TerminateProcess
CompareStringA
GetCPInfo
CompareStringW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
RtlUnwind
FreeEnvironmentStringsA
SetFilePointer
ReadFile
GetFileAttributesA
SetStdHandle
GetStdHandle
SetEndOfFile
HeapFree
MultiByteToWideChar
WaitForSingleObject
GetExitCodeProcess
GetCurrentDirectoryA
GetFullPathNameA
SetEnvironmentVariableW
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
LCMapStringW
LCMapStringA
FlushFileBuffers
SetEnvironmentVariableA
GetOEMCP
CreateProcessA
MoveFileA
GetStringTypeW
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
HeapAlloc
GetLastError
CloseHandle
SetHandleCount
WriteFile
GetStringTypeA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc

user32

BeginPaint
DefWindowProcA
GetDC
MessageBoxA
ReleaseDC
GetDesktopWindow
SetWindowPos
GetClientRect
LoadCursorA
EndPaint
SetTimer
RegisterClassA
CreateWindowExA
DispatchMessageA
GetMessageA
TranslateMessage
PostQuitMessage

gdi32

GetDeviceCaps
DeleteDC
CreateDIBSection
SelectObject
CreateCompatibleDC
BitBlt

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA

wsock32

socket
WSAStartup
WSAGetLastError
send
connect
htons
ioctlsocket
closesocket
bind
getsockname
listen
ntohs
accept
recv
WSAAsyncSelect

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7858668a171c4dad5973b1cf2ca0ed39

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

wsock32

Sections

.text Size: 100KB - Virtual size: 96KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 16KB - Virtual size: 39KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 16KB - Virtual size: 39KB

UPX0
Size: 144KB - Virtual size: 380KB