d4d7fc5cb7d4e188062226f21bdcf8b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4d7fc5cb7d4e188062226f21bdcf8b8_JaffaCakes118
Size

2.0MB
MD5

d4d7fc5cb7d4e188062226f21bdcf8b8
SHA1

ee22c70c345ec4587afb4df4d2abe77678017de6
SHA256

1ddfefb1fe7a76ad4d34c3453191b0e6d40e35ab25315b22e3e1f35c5f05fc3a
SHA512

d076ec0358e9dbad33f962395548ef8de82cd3056e8d5ff5975bc384bd9b1b5c30f461ca8e87421e389c96f9894bd0f38727b25f1fa72601fbf2dacb6b3dcf97
SSDEEP

49152:KNuvUPmrO7q9LGk9SqzCef5YbmOWK14VRaqF74eQkPR:LvcmS786k0ef5Y/GVRaq9PQo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4d7fc5cb7d4e188062226f21bdcf8b8_JaffaCakes118

Files

d4d7fc5cb7d4e188062226f21bdcf8b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

949e1e1c600da7fa71ef7aa1f8786e0d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

DrawDibDraw

avifil32

AVIStreamGetFrame

kernel32

lstrcatA
GetModuleHandleA
LoadLibraryA
VirtualAlloc
GetModuleFileNameA
ExitProcess

user32

EnumThreadWindows
MessageBoxA

gdi32

CreateBitmap

winmm

midiStreamOpen

msimg32

GradientFill

winspool.drv

ClosePrinter

comdlg32

GetOpenFileNameA

advapi32

RegSetValueExA

shell32

Shell_NotifyIconA

ole32

OleUninitialize

oleaut32

SafeArrayUnaccessData

comctl32

ImageList_Destroy

oledlg

ord8

ws2_32

accept

Sections

.text
Size: - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 281KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: - Virtual size: 422KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX1
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

949e1e1c600da7fa71ef7aa1f8786e0d

Headers

File Characteristics

Imports

msvfw32

avifil32

kernel32

user32

gdi32

winmm

msimg32

winspool.drv

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

oledlg

ws2_32

Sections

.text Size: - Virtual size: 547KB

.rdata Size: - Virtual size: 1.2MB

.data Size: - Virtual size: 281KB

.rsrc Size: 12KB - Virtual size: 29KB

.UPX0 Size: - Virtual size: 422KB

.UPX1 Size: 2.0MB - Virtual size: 2.0MB

.reloc Size: 4KB - Virtual size: 120B

.text
Size: - Virtual size: 547KB

.rdata
Size: - Virtual size: 1.2MB

.data
Size: - Virtual size: 281KB

.rsrc
Size: 12KB - Virtual size: 29KB

.UPX0
Size: - Virtual size: 422KB

.UPX1
Size: 2.0MB - Virtual size: 2.0MB

.reloc
Size: 4KB - Virtual size: 120B