Behavioral task: behavioral1
Sample: e1f18d1a0477ee299f216f12bb6b1f38_JaffaCakes118.exe
Resource: win7-20240729-en
Behavioral task: behavioral2
Sample: e1f18d1a0477ee299f216f12bb6b1f38_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: e1f18d1a0477ee299f216f12bb6b1f38_JaffaCakes118
Size: 78KB
MD5: e1f18d1a0477ee299f216f12bb6b1f38
SHA1: 1298735f9322dd4db64b8952b7c3540ece181ccf
SHA256: 552437bc860de8e48d7b9dfc1f183881a8c4eb78ca0b85ba455dea486c851c7c
SHA512: beef4b2d30f73b3e1d1382d6237c271e135472a4b2b2fd89de3a1d1584a31f4ed4698eb97da290f1f1d08be0547d2d2d20d81d6b9ff16e37b002657a24db3325
SSDEEP: 768:aXxHKnNUIiLnn26oU7H4Lhc6O4k1YkIbOB943LpDlDrCziKK:qqnNU3n54H8YPyS3L3rCK
Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource e1f18d1a0477ee299f216f12bb6b1f38_JaffaCakes118
Files
e1f18d1a0477ee299f216f12bb6b1f38_JaffaCakes118.exe windows:1 windows x86 arch:x86
be6d339ea2d7a18eb1e77ee8e4fb979e
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
lstrlenA
lstrcmpA
lstrcatA
WritePrivateProfileStringA
WriteFile
VirtualFree
VirtualAlloc
Sleep
SizeofResource
SetThreadPriority
SetPriorityClass
SetFilePointer
SetFileAttributesA
SetErrorMode
RemoveDirectoryA
ReadFile
LockResource
LoadResource
LoadLibraryA
GlobalMemoryStatus
GetWindowsDirectoryA
GetTimeFormatA
GetTickCount
GetThreadPriority
GetProcAddress
GetPriorityClass
GetModuleHandleA
GetLastError
GetDateFormatA
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCommandLineA
FreeResource
FreeLibrary
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
CreateProcessA
CreateMutexA
CreateFileA
CreateDirectoryA
CopyFileA
CloseHandle
GetCurrentThreadId
LocalSize
LocalReAlloc
GetLastError
ExitProcess
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle
GetCommandLineA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
advapi32
RegSetValueExA
RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
gdi32
GetDeviceCaps
CreateFontA
shell32
ShellExecuteA
user32
UpdateWindow
TranslateMessage
ShowWindow
SetWindowTextA
SetFocus
SendMessageA
RegisterClassA
PeekMessageA
MessageBoxA
LoadCursorA
IsWindowVisible
GetWindowTextLengthA
GetWindowTextA
GetWindowLongA
GetSystemMetrics
GetMessageA
GetForegroundWindow
GetDesktopWindow
GetDC
GetClassNameA
FindWindowA
ExitWindowsEx
EnumWindows
EnumChildWindows
DispatchMessageA
DefWindowProcA
CreateWindowExA
BringWindowToTop
winmm
timeSetEvent
timeKillEvent
timeGetDevCaps
timeBeginPeriod
wsock32
WSACleanup
WSAStartup
WSAGetLastError
socket
send
recv
listen
inet_addr
htons
connect
closesocket
bind
accept
Sections
UPX0 Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avp Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE