1658102987b3099208ce10bcc8176965_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1658102987b3099208ce10bcc8176965_JaffaCakes118
Size

732KB
MD5

1658102987b3099208ce10bcc8176965
SHA1

90d1c241ec452a67403ac185ba48256acf0aa52e
SHA256

a20ccd20d3774a68993dc31a49abe3f2178da5c6acbf73d7506d7d15e21e7863
SHA512

298e760721a19c0f737f8b592d6b63e84c50edced0c03cadd4ba438166fbabd7b5f9b19a8d0d40489ed6d70e469058abf3da4143387a23762df4f36e2293e682
SSDEEP

12288:Jan3MnsN6fTT6s1vaxWZ+tQcEL2t/N2JL9jBWXHFG2Oe/43bqMYG9oVbHcXw:Ja8niMR1yxAYB/NwLrwo2hgycij

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/4.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2.exe
unpack001/3.exe
unpack001/4.exe

Files

1658102987b3099208ce10bcc8176965_JaffaCakes118
.rar
2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

k7j65dgr

Sections

CODE
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 269B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3.exe
.exe windows:5 windows x86 arch:x86

0dcbf6d83584fb213552a493ea58c107

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
sprintf
strerror
_errno
_beginthread
_endthread
_wsplitpath
_except_handler3
_heapmin
_splitpath
strncpy
fflush
_stricmp
malloc
fwrite
_snprintf
isprint
_pctype
fclose
_wfsopen
wcslen
_fsopen
_fullpath

ole32

CoCreateInstance
CoInitialize
CoUninitialize

odbc32

ord36

kernel32

GetCommandLineA
WaitForSingleObject
GetComputerNameA
GetCommandLineW
QueryPerformanceCounter
DisableThreadLibraryCalls
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetSystemDirectoryA
CreateFileA
GetFileSize
MoveFileExA
GetModuleFileNameA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetTickCount
CreateEventA
Sleep
CloseHandle
FreeLibrary
InitializeCriticalSection
MultiByteToWideChar
OutputDebugStringA
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
IsBadWritePtr
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
SetEvent

user32

wsprintfW
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
wsprintfA
MessageBoxA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 21B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iq
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.oooa
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.obb
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sef
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qwqw
Size: 2KB - Virtual size: 537B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdsd
Size: 2KB - Virtual size: 103B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xczxc
Size: 2KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asqea
Size: 2KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.asqeax
Size: 2KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 2KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 296KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 78KB - Virtual size: 77KB

DATA Size: 3KB - Virtual size: 2KB

BSS Size: - Virtual size: 269B

.idata Size: 1024B - Virtual size: 960B

.edata Size: 512B - Virtual size: 70B

.reloc Size: 1024B - Virtual size: 524B

.rsrc Size: 7KB - Virtual size: 7KB

0dcbf6d83584fb213552a493ea58c107

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ole32

odbc32

kernel32

user32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 6KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 812B

.tls Size: 2KB - Virtual size: 21B

.iq Size: 126KB - Virtual size: 125KB

.oooa Size: 4KB - Virtual size: 2KB

.obb Size: 126KB - Virtual size: 125KB

.sef Size: 126KB - Virtual size: 125KB

.qwqw Size: 2KB - Virtual size: 537B

.sdsd Size: 2KB - Virtual size: 103B

.xczxc Size: 2KB - Virtual size: 200B

.asqea Size: 2KB - Virtual size: 200B

.asqeax Size: 2KB - Virtual size: 200B

.CRT Size: 2KB - Virtual size: 8B

.rsrc Size: 18KB - Virtual size: 16KB

.reloc Size: 2KB - Virtual size: 232B

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 296KB

UPX1 Size: 57KB - Virtual size: 60KB

.rsrc Size: 9KB - Virtual size: 12KB

CODE
Size: 78KB - Virtual size: 77KB

DATA
Size: 3KB - Virtual size: 2KB

BSS
Size: - Virtual size: 269B

.idata
Size: 1024B - Virtual size: 960B

.edata
Size: 512B - Virtual size: 70B

.reloc
Size: 1024B - Virtual size: 524B

.rsrc
Size: 7KB - Virtual size: 7KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 6KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 812B

.tls
Size: 2KB - Virtual size: 21B

.iq
Size: 126KB - Virtual size: 125KB

.oooa
Size: 4KB - Virtual size: 2KB

.obb
Size: 126KB - Virtual size: 125KB

.sef
Size: 126KB - Virtual size: 125KB

.qwqw
Size: 2KB - Virtual size: 537B

.sdsd
Size: 2KB - Virtual size: 103B

.xczxc
Size: 2KB - Virtual size: 200B

.asqea
Size: 2KB - Virtual size: 200B

.asqeax
Size: 2KB - Virtual size: 200B

.CRT
Size: 2KB - Virtual size: 8B

.rsrc
Size: 18KB - Virtual size: 16KB

.reloc
Size: 2KB - Virtual size: 232B

UPX0
Size: - Virtual size: 296KB

UPX1
Size: 57KB - Virtual size: 60KB

.rsrc
Size: 9KB - Virtual size: 12KB