f50f425330ae31a1ca336690513de1cb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f50f425330ae31a1ca336690513de1cb_JaffaCakes118
Size

253KB
MD5

f50f425330ae31a1ca336690513de1cb
SHA1

982d6697db0570cc6ca266e6e696d96e5f5cd5c6
SHA256

5c8ce0a98f7945b737a77ef24780a6eacc3242d771e3c2299c055e0980ff0513
SHA512

5aebe0cdd15c02c0e9a7f4bbccafd55763c6e13e383f93e96ddb8a81c74135bc81ded90ab556ac8edb85f0c25615cb9f56f07a0dc06851e0b87fb699b418bc85
SSDEEP

6144:6A8OTDcDfsjC3yxpT2XWQ1nuK29vaXY5h1vr/KSV:6A8OTDqHCxpTRWnuHyXih1O8

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f50f425330ae31a1ca336690513de1cb_JaffaCakes118

Files

f50f425330ae31a1ca336690513de1cb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f6cec465abb47871a28e65bd13f9ab56

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

RpcServerUnregisterIf
RpcServerListen
RpcMgmtWaitServerListen
RpcMgmtStopServerListening
NdrServerCall2
RpcServerUseProtseqEpA
RpcServerRegisterIf

user32

GetDesktopWindow

kernel32

CloseHandle
CreateFileA
GetConsoleOutputCP
FlushFileBuffers
GlobalDeleteAtom
GlobalAddAtomA
FreeLibrary
LoadLibraryA
GetProcAddress
WriteConsoleA
TlsSetValue
HeapValidate
IsBadReadPtr
InterlockedIncrement
InterlockedDecrement
GetModuleHandleA
ExitProcess
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
TlsGetValue
TlsAlloc
GetCurrentThreadId
TlsFree
SetLastError
WriteFile
GetStdHandle
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
RaiseException
SetStdHandle

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6cec465abb47871a28e65bd13f9ab56

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

user32

kernel32

advapi32

Sections

.text Size: 111KB - Virtual size: 111KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 5KB - Virtual size: 12KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 111KB - Virtual size: 111KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 5KB - Virtual size: 12KB

.UPX0
Size: 104KB - Virtual size: 252KB