def1475d0eaffbd73f85df6968a5dde7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

def1475d0eaffbd73f85df6968a5dde7_JaffaCakes118
Size

219KB
MD5

def1475d0eaffbd73f85df6968a5dde7
SHA1

6955fa7c6f2d24fa5cfc7a17b190912b5a637be6
SHA256

63d4f3a0bbfb29d7da1e2785a2673b030bd9312c61d5d829cecb8be03137a4dc
SHA512

9af8d09e0443694eaa9e7d83f2d1b90c21451d5af361e0a2e446d20d7b7d016b344a8fe9e10ac6ef537a7ba0be5255b08c3461271d8e3ce538238d57c4a727f4
SSDEEP

6144:wDAO8kn5iBh9aLASgR4dMOiU3SUb6liZwillBq6AfJ:wDAO8kn5iBDaLx/MOP3fb6liykjpAfJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
def1475d0eaffbd73f85df6968a5dde7_JaffaCakes118

Files

def1475d0eaffbd73f85df6968a5dde7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5f5e4cf0ce29af1d328ea238b8cc744f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

nslookup.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
_write
perror
_errno
system
gmtime
calloc
fputs
getc
putc
fputc
malloc
fflush
getenv
fopen
fgets
isspace
strncmp
_strnicmp
fprintf
fclose
sprintf
printf
putchar
strncpy
strchr
sscanf
free
isdigit
_iob
exit

advapi32

RegCloseKey

kernel32

LeaveCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
GetCurrentThreadId
SetUnhandledExceptionFilter
GetTickCount
QueryPerformanceCounter
SetLastError
LocalFree
FormatMessageA
SetConsoleCtrlHandler
GetLastError
UnhandledExceptionFilter
GetModuleHandleA
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess

wsock32

ioctlsocket
gethostname
inet_addr
htons
gethostbyname
WSAGetLastError
WSAStartup
getservbyport
getprotobynumber
ntohs
recv
send
connect
socket
select
ord1108
htonl
closesocket

user32

CharToOemBuffA

dnsapi

DnsFreeConfigStructure
DnsQueryConfigAllocEx

ntdll

RtlIpv6AddressToStringA
RtlFreeUnicodeString
NtOpenKey
RtlAnsiStringToUnicodeString
RtlInitString
RtlUnicodeStringToAnsiString
NtQueryValueKey
RtlFreeHeap
RtlAllocateHeap

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5f5e4cf0ce29af1d328ea238b8cc744f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

wsock32

user32

dnsapi

ntdll

Sections

.text Size: 41KB - Virtual size: 41KB

.data Size: 13KB - Virtual size: 172KB

.rsrc Size: 19KB - Virtual size: 18KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 41KB - Virtual size: 41KB

.data
Size: 13KB - Virtual size: 172KB

.rsrc
Size: 19KB - Virtual size: 18KB

UPX0
Size: 144KB - Virtual size: 380KB