14e4f3a84621d7fc78f9db789d02a39c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

14e4f3a84621d7fc78f9db789d02a39c_JaffaCakes118
Size

228KB
MD5

14e4f3a84621d7fc78f9db789d02a39c
SHA1

858510585ba140a59e37df6e618e149e8ce85f3b
SHA256

e403612faa953ec16582c9a3e8a6271b10bdfce2bb7a41ebd0356a54e255d639
SHA512

85a039446f758e4ec4e6d9854bf64797e914c6088d4b8bf5cb72bb18f424b800f5aa0d9dbc181a65775bcdbf9ee90e9c0edd024fc1e71747fd6dcc7fa1af1682
SSDEEP

768:/Tc5fZ5VyRfTJuUZZUGZUtUm1FqVweaf4m2GcO8zCX6OR:/TaZSpTJuUZJZ9qF6weCwO8zCh

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
14e4f3a84621d7fc78f9db789d02a39c_JaffaCakes118

Files

14e4f3a84621d7fc78f9db789d02a39c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0fa8bb2fc5997f5f1fcc6c8373f8db72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GlobalMemoryStatus
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
LocalAlloc
GetVersionExA
MapViewOfFile
MultiByteToWideChar
OpenProcess
CloseHandle
Process32First
GetVolumeInformationA
LocalFree
lstrlenW
lstrlenA
lstrcpynA
lstrcpyA
lstrcmpiA
lstrcmpA
lstrcatA
WriteFile
WideCharToMultiByte
UnmapViewOfFile
Sleep
GetTickCount
GetTempPathA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetModuleFileNameA
GetLogicalDrives
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentProcess
GetCurrentDirectoryA
GetComputerNameA
FindNextFileA
FindFirstFileA
FindClose
ExitProcess
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateMutexA
CreateFileMappingA
CreateFileA
Process32Next

advapi32

RegOpenKeyA
StartServiceA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
DeleteService
RegEnumValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyA
RegCloseKey
OpenSCManagerA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
CreateServiceA
CloseServiceHandle
AdjustTokenPrivileges

gdi32

GetDeviceCaps

ole32

OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
SafeArrayCreateVector
SafeArrayDestroy

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

shlwapi

PathFileExistsA
StrChrA
StrStrIA
StrRChrA
StrCmpNA

user32

GetDlgCtrlID
wsprintfA
FindWindowA
ReleaseDC
SendMessageA
FindWindowExA
GetDC

wininet

InternetGetConnectedState

ws2_32

WSAIoctl

wsock32

gethostname
closesocket
WSAStartup
socket

Sections

UPX0
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0fa8bb2fc5997f5f1fcc6c8373f8db72

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

rasapi32

shlwapi

user32

wininet

ws2_32

wsock32

Sections

UPX0 Size: 224KB - Virtual size: 224KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 224KB - Virtual size: 224KB

.avp
Size: 3KB - Virtual size: 4KB