dcf58ef3abed3c3e56ad17078d08052b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dcf58ef3abed3c3e56ad17078d08052b_JaffaCakes118
Size

172KB
MD5

dcf58ef3abed3c3e56ad17078d08052b
SHA1

006a3d20b39c1dcd253005903924e176ac424979
SHA256

11b09e0b801dbf24b1ea089257f534b9396dfb5d2755457c79fea7e722d364a4
SHA512

45e9b80d4dd3ba088b6396cc238b4b15a889bc7ab7de987952e0489fb51211cc674ece12df63cb6bc51dc455ca88cb25bc65e1fa8e33b20036e56be0115ed77a
SSDEEP

3072:ZM9slitpyoFa5a3SI8toL1LMvfBMv8lN/ttTvMl/KAoDqPDN/zad:ZM9ssMISI8U1AvJ+8lFnTvMl/4qPDK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dcf58ef3abed3c3e56ad17078d08052b_JaffaCakes118

Files

dcf58ef3abed3c3e56ad17078d08052b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2fd9392d3a44a1570ec6d50da229304c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetTempPathA
GetTimeZoneInformation
GetModuleFileNameA
LocalFree
LocalAlloc
GetLocalTime
CloseHandle
CreateFileA
GetFileSize
ReadFile
SetFilePointer
DeleteFileA
WriteFile
GetCommandLineA
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
HeapReAlloc
CompareStringW
CompareStringA
LoadLibraryA
GetProcAddress
GetStringTypeW
GetStringTypeA
RtlUnwind
GetFileType
SetEnvironmentVariableA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
VirtualFree
VirtualAlloc
GetSystemTime
HeapFree
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate

user32

LoadCursorA
wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
DefWindowProcA
DestroyWindow
PostQuitMessage
GetWindowTextA
PostMessageA
LoadImageA
RegisterClassA

gdi32

GetStockObject

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA

wsock32

gethostbyname
gethostname
WSAStartup
WSACleanup
recv
ioctlsocket
htons
connect
setsockopt
closesocket
socket
WSAGetLastError
send

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2fd9392d3a44a1570ec6d50da229304c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wsock32

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 4KB - Virtual size: 192B

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 4KB - Virtual size: 192B

.UPX0
Size: 104KB - Virtual size: 252KB