db5f5434a7e16da4fa3006355514b7c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db5f5434a7e16da4fa3006355514b7c4_JaffaCakes118
Size

267KB
MD5

db5f5434a7e16da4fa3006355514b7c4
SHA1

e9430cf05bb2a31bdbe049441988eb809bff6b2c
SHA256

6ea318e318cf4c5f4aaee5c5715cdfffc3def505028b55d3164f1f64074a20a0
SHA512

acd360b9eba5ba50bbc5f08dc3a5781905645a20bf431703bc3d38174fbbfb62f487b20de431a095044158436949e3e921c3c16cb8c2ea5f41e83164790f5761
SSDEEP

6144:rKOZ9DWGJRW88Y94Win1L5QD824Uh20i6Kt:OOZ1U8P9h21L5QD8F9Nb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db5f5434a7e16da4fa3006355514b7c4_JaffaCakes118

Files

db5f5434a7e16da4fa3006355514b7c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a821a5b2e33773f0692ed940f5a4412a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60.dll .

__vbaR8ForNextCheck
_CIcos
_adj_fptan
__vbaVarMove
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaCopyBytes
__vbaStrCat
__vbaSetSystemError
__vbaHresultCheckObj
ord665
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord593
__vbaExitProc
ord594
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
ord631
__vbaErase
__vbaVarZero
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaGet3
__vbaStrCmp
__vbaAryConstruct2
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaRedim
__vbaUI1ErrVar
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaUI1I4
__vbaExceptHandler
ord711
__vbaStrToUnicode
_adj_fprem
_adj_fdivr_m64
__vbaFPException
ord717
__vbaUbound
__vbaGetOwner3
ord644
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
ord570
__vbaVar2Vec
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord578
ord100
__vbaAryLock
__vbaStrToAnsi
__vbaVarDup
__vbaVarCopy
__vbaFpI4
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
_allmul
_CItan
__vbaAryUnlock
_CIexp
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

UPX0
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

pebundle
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a821a5b2e33773f0692ed940f5a4412a

Headers

File Characteristics

Imports

msvbvm60.dll .

Sections

UPX0 Size: 156KB - Virtual size: 156KB

UPX1 Size: 70KB - Virtual size: 72KB

.rsrc Size: 3KB - Virtual size: 4KB

pebundle Size: 20KB - Virtual size: 20KB

pebundle Size: 16KB - Virtual size: 20KB

UPX0
Size: 156KB - Virtual size: 156KB

UPX1
Size: 70KB - Virtual size: 72KB

.rsrc
Size: 3KB - Virtual size: 4KB

pebundle
Size: 20KB - Virtual size: 20KB

pebundle
Size: 16KB - Virtual size: 20KB