da9f2456a9fd5aa44ba93b7e78a74cfa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

da9f2456a9fd5aa44ba93b7e78a74cfa_JaffaCakes118
Size

151KB
MD5

da9f2456a9fd5aa44ba93b7e78a74cfa
SHA1

c191de5dceef2aa2182d3f85673f47bcee080d41
SHA256

b85a1cbc477f1e51a8f791a4c8fc84b14dc5a282f7d47a12fdee8892c8889dd2
SHA512

6a22e23a297fac03e48608515dcc64528aa7c9f5d73f4ee358a1883c48592b1b95f9595cc1f29d1c3f2f825728423227938796984464d8cfcbf5f79c0f0c4142
SSDEEP

3072:dX0ImKZb1D/PGG9tIxox9TSRsU9EBrNXE59Ws58Vldic35kq52:zmKx46nWj9Z5EVUskq52

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
da9f2456a9fd5aa44ba93b7e78a74cfa_JaffaCakes118

Files

da9f2456a9fd5aa44ba93b7e78a74cfa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1b96e8756fc58e22b39f9aea486522af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ALG.pdb

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
memmove
_wcsicmp
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_purecall
__CxxFrameHandler
??2@YAPAXI@Z
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
isdigit
??3@YAXPAX@Z

atl

ord21
ord32
ord20
ord17
ord23
ord16

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
StartServiceCtrlDispatcherW
RegNotifyChangeKeyValue
RegisterServiceCtrlHandlerW
SetServiceStatus
RegCloseKey
SystemFunction036

kernel32

GetStartupInfoW
GetModuleHandleA
CreateThread
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
CreateTimerQueueTimer
ReadFile
GetCurrentProcessId
WriteFile
BindIoCompletionCallback
UnregisterWait
RegisterWaitForSingleObject
HeapAlloc
DeleteTimerQueueTimer
GetProcessHeap
HeapFree
DuplicateHandle
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetLastError
CreateTimerQueue
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DeleteTimerQueueEx
CloseHandle
Sleep
WaitForMultipleObjects
CreateEventW
WaitForSingleObject
SetEvent
GetCurrentThreadId

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CLSIDFromString

oleaut32

SysFreeString
SysAllocString

wsock32

getpeername
getsockname
ord1142
WSAStartup
setsockopt
WSACleanup
htons
listen
closesocket
ioctlsocket
WSAGetLastError
htonl
ord1141
bind
ntohs

ws2_32

WSAEnumNetworkEvents
WSAConnect
WSAEventSelect
WSASocketW

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1b96e8756fc58e22b39f9aea486522af

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

atl

advapi32

kernel32

ole32

oleaut32

wsock32

ws2_32

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 800B

.rsrc Size: 7KB - Virtual size: 7KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 800B

.rsrc
Size: 7KB - Virtual size: 7KB

.UPX0
Size: 108KB - Virtual size: 260KB