Behavioral task
behavioral1
Sample
f71c4e5d1c54a6aeb3bc53ce35099ff5_JaffaCakes118.exe
Resource
win7-20240903-en
General
Target: f71c4e5d1c54a6aeb3bc53ce35099ff5_JaffaCakes118
Size: 205KB
MD5: f71c4e5d1c54a6aeb3bc53ce35099ff5
SHA1: c9a4875536d04cb5f9a7e4f90a8df12a94fb1796
SHA256: 051ddd7ebe5f4aa830491f27d0780046846cdb859760ddee1d41f257b62184d2
SHA512: 3432c1eb09aacead12d2fe94f726a734e5b3723ef5d19c1b685bb6a589ff5e447d186dd4133c66e5186f6988e3d4ff69e4509f0597a355bac5b660b491fbcfdb
SSDEEP: 3072:NOp3mjR3GprlwJQeyZx0G5tjDzHKRKZk:NONm5GwQfx0U1vZ
Malware Config
Signatures
yara_rule: upx (resource: sample)
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: f71c4e5d1c54a6aeb3bc53ce35099ff5_JaffaCakes118
Files
f71c4e5d1c54a6aeb3bc53ce35099ff5_JaffaCakes118.exe windows:4 windows x86 arch:x86
e45bafda933a408e6c7c2d0179d1b7fa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
FlushFileBuffers
GetStringTypeA
GetStringTypeW
CreateProcessA
SetEnvironmentVariableA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CompareStringW
CompareStringA
SetEndOfFile
GetOEMCP
GetACP
CreateFileW
SetStdHandle
IsBadCodePtr
UnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualQuery
IsBadReadPtr
SetUnhandledExceptionFilter
CloseHandle
UnmapViewOfFile
GetSystemDirectoryA
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
MapViewOfFile
CreateFileMappingA
GetFileAttributesA
RemoveDirectoryA
GetLastError
DeleteFileW
SetFileAttributesW
MultiByteToWideChar
Sleep
ExitProcess
GetTempPathA
CreateProcessW
CreateDirectoryA
OpenFileMappingA
GetFileAttributesW
CreateThread
TerminateProcess
WaitForSingleObject
OpenProcess
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
HeapFree
GetProcessHeap
FindNextFileA
SystemTimeToFileTime
FindClose
FindFirstFileA
GetDiskFreeSpaceExA
GetTickCount
GetExitCodeProcess
GetSystemDefaultLangID
FormatMessageA
GetEnvironmentVariableA
DeleteFileA
SetFileAttributesA
HeapAlloc
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetProcAddress
WideCharToMultiByte
lstrlenW
FreeLibrary
LoadLibraryA
lstrlenA
GetVolumeInformationA
lstrcmpiA
lstrcpyA
OutputDebugStringA
GetCurrentProcess
RaiseException
GetSystemInfo
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GlobalMemoryStatus
GetSystemTimeAsFileTime
lstrcpynA
InterlockedExchange
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetCPInfo
advapi32
RegDeleteKeyA
CryptAcquireContextA
CryptImportKey
CryptCreateHash
CryptHashData
CryptVerifySignatureA
CryptDestroyHash
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
CryptReleaseContext
iphlpapi
GetAdaptersInfo
ole32
CoInitialize
shell32
SHGetSpecialFolderPathA
shlwapi
PathAddBackslashA
SHSetValueW
SHDeleteValueA
SHGetValueA
SHSetValueA
PathCanonicalizeA
urlmon
URLDownloadToCacheFileA
user32
wvsprintfA
PostThreadMessageA
GetMessageA
DispatchMessageA
wsprintfA
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
wininet
InternetReadFile
InternetOpenA
InternetConnectA
InternetOpenUrlA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetGetConnectedState
InternetCloseHandle
DeleteUrlCacheEntry
Sections
UPX0 Size: 200KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.avc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE