ef83f811a28998e34a6402d30b50b623_JaffaCakes118

General

Target

ef83f811a28998e34a6402d30b50b623_JaffaCakes118
Size

71KB
MD5

ef83f811a28998e34a6402d30b50b623
SHA1

127ecbf970cb43315592f85da3a44e7e8c04d5ac
SHA256

2ce0bba1d38f092204dc5bc45e1bcc9b9b8d6c336f57d18c2f02b25a46334bcc
SHA512

9752b17893bbc5a620a080d03dbcb49c1156cb1bbd1d68838ed65ede104d2d771b5093003513f546b7830dc5e4279588da72b630c8a90699adfa0ede8d711502
SSDEEP

1536:3t2cvMoLgt4G/LksleYfd2i3sqmpXqrkn2M:3ttvNG4GDYYfZbrknN

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef83f811a28998e34a6402d30b50b623_JaffaCakes118

Files

ef83f811a28998e34a6402d30b50b623_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a16e6a2ce1bdae9d2e2be294f5dc81c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FlushFileBuffers
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GlobalAlloc
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualQuery
InterlockedExchange
HeapSize
HeapAlloc
GetProcessAffinityMask
GetPriorityClass
GetFileAttributesExA
SetErrorMode
GetExitCodeProcess
GetProcessShutdownParameters
GetFileSize
SetFileAttributesA
GetLastError
GetProcAddress
LoadLibraryA
GetThreadContext
WaitForSingleObject
GetTickCount
ResumeThread
SetThreadContext
VirtualAllocEx
GetCurrentProcess
Sleep
CreateProcessA
CloseHandle
WriteFile
CreateFileA
ReadFile
GlobalFree
CopyFileA
CreateThread
CreateMutexA
GetLocalTime
SetEnvironmentVariableA
GetEnvironmentVariableA
GetModuleFileNameA
OpenMutexA
ExitProcess
GetModuleHandleA
TerminateProcess
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc

advapi32

RegEnumKeyExA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryMultipleValuesA
RegEnumValueA

user32

GetWindowInfo
GetWindow
GetGuiResources
GetWindowLongA
GetWindowDC

wininet

HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

ws2_32

Sections

UPX0
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a16e6a2ce1bdae9d2e2be294f5dc81c

Headers

File Characteristics

Imports

kernel32

advapi32

user32

wininet

ws2_32

Sections

UPX0 Size: 68KB - Virtual size: 68KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 68KB - Virtual size: 68KB

.avc
Size: 2KB - Virtual size: 4KB