0a18b4dd55afc6ff783e1f1f48cb4c92_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a18b4dd55afc6ff783e1f1f48cb4c92_JaffaCakes118
Size

136KB
MD5

0a18b4dd55afc6ff783e1f1f48cb4c92
SHA1

44b35adf264245dba142a568467cb1e53063c566
SHA256

ddf80d12364b16235f4953f613436d72ca2206a980697f29929caaf118038ba4
SHA512

11db843a88bb402406caaa472544c469c50c102d5ca62af168f1cec10e07eb428dd534324ed3aa38e0e7aef936532b4466df457f5254e47e554893b94fb70c33
SSDEEP

3072:310ug/TdpWwzHrX77vvT3pT8vsxtTBf6+vxp/:310u2qEHfbvTZT8vsxtTBvvxp/

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a18b4dd55afc6ff783e1f1f48cb4c92_JaffaCakes118

Files

0a18b4dd55afc6ff783e1f1f48cb4c92_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a9a2164d1db6a426effe387ee15e6859

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
CreateEventA
ResetEvent
WaitForMultipleObjects
WriteFile
CopyFileA
GetSystemDirectoryA
GetTempPathA
CreateFileA
ReadFile
DeleteFileA
SetEvent
OpenEventA
CloseHandle
GetModuleFileNameA
GetFileSize
GetStartupInfoA
GetModuleHandleA
GlobalAlloc
GlobalFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
HeapLock
HeapWalk
HeapUnlock
HeapFree
HeapAlloc
HeapDestroy
HeapCreate
GetExitCodeProcess
CreatePipe
GetCurrentProcess
DuplicateHandle
CreateProcessA
GetVolumeInformationA
GetDriveTypeA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetCurrentProcessId
TerminateProcess
OpenProcess
GetLongPathNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
WaitForSingleObject
GetTickCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetExitCodeThread
CreateThread
Sleep

advapi32

RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetObjectA
CreateDCA
GetDIBits

gdiplus

GdiplusStartup
GdipFree
GdipLoadImageFromFile
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipCloneImage
GdiplusShutdown
GdipGetImageEncoders
GdipAlloc

mfc42

msvcrt

strlen
strcpy
strcmp
free
pow
memcpy
memcmp
memset
malloc
_controlfp
_purecall
_ftol
rand
srand
_CxxThrowException
strrchr
__CxxFrameHandler
sprintf
strstr
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strchr
wcscmp

ole32

CoInitialize
CoCreateGuid
CoUninitialize
StringFromGUID2

psapi

EnumProcessModules
GetModuleFileNameExA

shell32

SHFileOperationA
ShellExecuteA

user32

GetMessageA
GetWindowTextA
GetWindowThreadProcessId
GetWindowLongA
GetWindow
GetDesktopWindow
PostThreadMessageA
FindWindowA
GetSystemMetrics
DestroyWindow
SendMessageA
IsWindow
MessageBoxA
PostMessageA

winmm

timeKillEvent
timeSetEvent

ws2_32

WSAIoctl

Sections

UPX0
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a9a2164d1db6a426effe387ee15e6859

Headers

File Characteristics

Imports

kernel32

advapi32

avicap32

gdi32

gdiplus

mfc42

msvcrt

ole32

psapi

shell32

user32

winmm

ws2_32

Sections

UPX0 Size: 132KB - Virtual size: 132KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 132KB - Virtual size: 132KB

.avc
Size: 3KB - Virtual size: 4KB