11d96ee4474eb83aab14b0585e899b3b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

11d96ee4474eb83aab14b0585e899b3b_JaffaCakes118
Size

152KB
MD5

11d96ee4474eb83aab14b0585e899b3b
SHA1

868fe4f88ddff3a2fd328999d0eda9ffeeadd9cc
SHA256

6433ffc591dac687741ea6ef7b2199fa8270c490ab47bec585524efa543fc8ec
SHA512

19dadafd61790c42541364fd5872b7cd16b8c48647d2c7a211b55b8602d29c0e73a194fed4329036297b2757fee19f9b1928bc2c88f5372ceb9a3708ffc26546
SSDEEP

3072:nXZtz+lEqO0szct8JmSdm8YJCsWGUdUNcFMlAjPfLZf+l1I/rg9I2ktYVtvn4xkz:nXjeozct8JmSdm8YJCsWGUdUNcFMl6fE

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
11d96ee4474eb83aab14b0585e899b3b_JaffaCakes118

Files

11d96ee4474eb83aab14b0585e899b3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfcaffef2892a63d7a1ffd86dee5b27d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

u:\Restricted\Users\Diby\Clearcase\WDM_Proj_Ver_2\Dev_Setup\Wdm\Install\DxMsiSetup\DxMsiSetup\Release\DxMsiSetup.pdb

Imports

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAddBackslashA

kernel32

GetTickCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetVersionExA
CloseHandle
WaitForSingleObject
CreateProcessA
GetUserDefaultUILanguage
SetCurrentDirectoryA
GetModuleFileNameA
LCMapStringW
MultiByteToWideChar
LCMapStringA
HeapSize
HeapReAlloc
VirtualAlloc
HeapAlloc
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
ExitProcess
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
VirtualProtect
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW

user32

GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
LoadAcceleratorsA
BeginPaint
EndPaint
PostQuitMessage
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow
DestroyWindow
LoadStringA
MessageBoxA
DialogBoxParamA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfcaffef2892a63d7a1ffd86dee5b27d

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 8KB - Virtual size: 4KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 8KB - Virtual size: 4KB

.UPX0
Size: 108KB - Virtual size: 260KB