Behavioral task: behavioral1
Sample: fb522934d7ef797f8c5d847a2cae3344_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fb522934d7ef797f8c5d847a2cae3344_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fb522934d7ef797f8c5d847a2cae3344_JaffaCakes118
Size: 214KB
MD5: fb522934d7ef797f8c5d847a2cae3344
SHA1: cad8ec2a279fb8ad83fd727a638829e67aafdabc
SHA256: 696bfc083fa24418b299d477e1b707ba633e2b4df6450cca52eb2c14934c4f3c
SHA512: 2f7fd4880c7e4ad5cdbf90ca1f8f9c7874c054935892d3f3c28539693c6aae26901da31a3b9f3a2eb41d42fb75c359a1c55a343dbf73cf93e4692d77865f9bea
SSDEEP: 3072:6aaEKiVWk206dcMXc60V63wDgiRAT962wS5V3NtMaBVeu7mtsZN:H/h27cfVQwDgq662wwV3nL4uAcN
Malware Config
Signatures
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fb522934d7ef797f8c5d847a2cae3344_JaffaCakes118
Files
fb522934d7ef797f8c5d847a2cae3344_JaffaCakes118.exe windows:4 windows x86 arch:x86
6d9dd9b9b803c279b7c15e531f9c0e5c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Beep
CopyFileA
CreateMutexA
CreateSemaphoreA
GetSystemDirectoryA
WaitForSingleObject
LoadLibraryA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
ReleaseMutex
ReleaseSemaphore
DeleteFileA
Sleep
CloseHandle
WriteFile
CreateFileA
EnumResourceNamesA
FreeLibrary
LockResource
SizeofResource
LoadResource
GetVersionExA
LoadLibraryExA
FindResourceA
advapi32
OpenServiceA
QueryServiceStatus
ControlService
DeleteService
RegDeleteKeyA
CloseServiceHandle
RegOpenKeyA
RegQueryValueExA
OpenSCManagerA
gdi32
CreateFontIndirectA
GetStockObject
GetObjectA
mfc42
mpr
WNetAddConnection2A
WNetCancelConnection2A
msvcirt
??1fstream@@UAE@XZ
??1ios@@UAE@XZ
??_Dfstream@@QAEXXZ
?close@fstream@@QAEXXZ
??0fstream@@QAE@XZ
msvcp60
??_7bad_alloc@std@@6B@
??1bad_alloc@std@@UAE@XZ
msvcrt
_exit
_setmbcp
??1type_info@@UAE@XZ
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_itoa
__CxxFrameHandler
free
malloc
_onexit
__dllonexit
sprintf
??1exception@@UAE@XZ
_except_handler3
_stat
fread
printf
fopen
fwrite
fclose
_controlfp
netapi32
NetServerGetInfo
NetScheduleJobAdd
NetRemoteTOD
NetApiBufferFree
shell32
ShellExecuteA
user32
wsprintfA
GetSystemMenu
DrawIcon
GetClientRect
LoadIconA
EnableWindow
SendMessageA
TranslateMessage
PeekMessageA
AppendMenuA
GetSystemMetrics
IsIconic
PostMessageA
DispatchMessageA
LoadCursorA
CopyIcon
SetCursor
InvalidateRect
MessageBeep
wsock32
gethostbyname
send
recv
htonl
bind
setsockopt
WSASetLastError
WSAGetLastError
WSAStartup
WSACleanup
socket
inet_addr
htons
connect
closesocket
Sections
UPX0 Size: 204KB - Virtual size: 204KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.packet Size: 4KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE