d383f799d31e749c57768b037404bc24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d383f799d31e749c57768b037404bc24_JaffaCakes118
Size

170KB
MD5

d383f799d31e749c57768b037404bc24
SHA1

5da5ab82663b737d943ccb2329c8f7985d4d74b0
SHA256

dc6a34011ecf136fda0015a3e324ddb539f18aa73667e04fcfde21d53ad6613a
SHA512

ee48063907ac88c207a72a34ea0b154043be54be6ca404051416d35be21e1445949e1a5576c29e122161764a0bb64182009e409fc79d8bf0f3605e213263c093
SSDEEP

3072:0wE+pYZuwdDRBeUoz3bp2yRjHcPKX+U8nXkBVqXAFc+aTalHTPSJnva+lLgepT8k:6f0XptaKXr8nXkq6cbaVPgnva+lLgep9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d383f799d31e749c57768b037404bc24_JaffaCakes118

Files

d383f799d31e749c57768b037404bc24_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b1fcbee87e1daacf448f2eb9e953e4dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

blastcln.pdb

Imports

advapi32

CloseServiceHandle
DeleteService
QueryServiceStatusEx
QueryServiceConfigW
OpenServiceW
EnumServicesStatusExW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteValueW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW

kernel32

LocalFree
FormatMessageW
GetFileAttributesW
MoveFileExW
GetLastError
SetFileAttributesW
DeleteFileW
CloseHandle
GetFileSize
ReadFile
CreateFileW
ReadProcessMemory
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
WaitForSingleObject
TerminateProcess
OpenProcess
GetCurrentProcess
GetWindowsDirectoryW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleW
GetVersionExW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsFree
SetLastError
TlsSetValue
TlsGetValue
TlsAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
SetFilePointer
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA

psapi

GetModuleInformation
EnumProcessModules
EnumProcesses
GetModuleFileNameExW

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 100KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1fcbee87e1daacf448f2eb9e953e4dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

psapi

Sections

.text Size: 63KB - Virtual size: 63KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 1016B

.UPX0 Size: 100KB - Virtual size: 244KB

.text
Size: 63KB - Virtual size: 63KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 1016B

.UPX0
Size: 100KB - Virtual size: 244KB