d4445f37037b4805cf1e523e82720969_JaffaCakes118

General

Target

d4445f37037b4805cf1e523e82720969_JaffaCakes118
Size

83KB
MD5

d4445f37037b4805cf1e523e82720969
SHA1

fd2d9a11722f44fdaf468a89572aa9745980f4fc
SHA256

ba2388b549ff91a9a8821f607a467d804c2716b2a1f7f9ae8ea4b03d07e90a7a
SHA512

59b95275d79c77436f8d95e1441aca27a5785f107415843fbc852eea8b586c293a1ee463dc09f002e92e3174e84382fcd76877e8fbed0bbaf83dcf98efb70559
SSDEEP

768:TjfhSlNC5MhQ7Ji/VlKUooUTIZaia8HLyC3vRTzVGCOPWYN/8oia9ND:PhS2MG7ADK4UTIZLhHbTxGvuvonND

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4445f37037b4805cf1e523e82720969_JaffaCakes118

Files

d4445f37037b4805cf1e523e82720969_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6766d525470f1732187bfb8216ca8990

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
WriteProcessMemory
GetProcAddress
VirtualAllocEx
OutputDebugStringA
GetCurrentProcess
GetSystemDirectoryA
GetSystemTime
WaitForSingleObject
CreateRemoteThread
LockResource
CreateFileA
CopyFileA
LoadResource
SizeofResource
FindResourceA
GetModuleFileNameA
VirtualFreeEx
CreateToolhelp32Snapshot
Process32First
Process32Next
WriteFile
Sleep
CloseHandle
GetVersionExA
HeapDestroy
OpenProcess
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapAlloc
VirtualAlloc
HeapCreate
VirtualFree
HeapFree
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
HeapReAlloc
LoadLibraryA
GetStringTypeA
LCMapStringA
LCMapStringW
GetStringTypeW

advapi32

RegCloseKey
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegOpenKeyExA

user32

FindWindowExA

Sections

UPX0
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6766d525470f1732187bfb8216ca8990

Headers

File Characteristics

Imports

kernel32

advapi32

user32

Sections

UPX0 Size: 80KB - Virtual size: 80KB

.rsrc Size: 512B - Virtual size: 4KB

.avc Size: 1KB - Virtual size: 4KB

UPX0
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 512B - Virtual size: 4KB

.avc
Size: 1KB - Virtual size: 4KB