29f8565ba8da5e667a0663eedfb8954a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29f8565ba8da5e667a0663eedfb8954a_JaffaCakes118
Size

179KB
MD5

29f8565ba8da5e667a0663eedfb8954a
SHA1

5c4f0361c34c6280035d7ead8faedc2644896336
SHA256

5998fd6f7e121ba567ce02cccdf8075b9ab697c18327064d7b375b44388c6130
SHA512

f97cc106349eee3c100be35c845fbf68c3800d7051b1bf97241709672bffb5c24c75f3696b2e6285820eab818f19706a92b2404b41ae8d3594d53320b027ff58
SSDEEP

1536:pwi2e++4OUc5DRu1uU6An3DP53ZbYhBu2ItuHkzo02a3Mywp5xnWbEWlC04vLHac:i+4E598D6A3DxZrlwpfWlC04THDgnW

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29f8565ba8da5e667a0663eedfb8954a_JaffaCakes118

Files

29f8565ba8da5e667a0663eedfb8954a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1a14c8028188a4a4679a740270e10aef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetThreadLocale
Sleep
GetStringTypeW
GetStringTypeA
InterlockedExchange
WinExec
GetWindowsDirectoryA
HeapAlloc
lstrlenW
EnterCriticalSection
ReadFile
lstrlenA
GetSystemDirectoryA
LeaveCriticalSection
GetProcAddress
SetFileAttributesA
WaitForSingleObject
InitializeCriticalSection
GetProcessHeap
GetShortPathNameA
MapViewOfFile
UnmapViewOfFile
CreateFileA
GetModuleFileNameA
GetFileSize
OpenFileMappingA
FindClose
GetModuleHandleA
GetVersionExA
LoadLibraryA
SetFilePointer
HeapFree
FindFirstFileA
FreeLibrary
WideCharToMultiByte
CloseHandle
DeleteFileA
WriteFile
MultiByteToWideChar
GetLastError
RemoveDirectoryA
OpenProcess
VirtualAlloc
FindNextFileA
TerminateProcess
GetTempPathA
SetFileAttributesW
SuspendThread
CreateRemoteThread
SetPriorityClass
GetFullPathNameA
GetLongPathNameA
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LCMapStringA
LCMapStringW

advapi32

RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegQueryValueExA
RegEnumKeyExA

gdi32

SetPixel
SetBkMode
GetStockObject
SelectObject
SetTextColor
CreateFontA
TextOutA

ole32

CoUninitialize
CoInitialize

shell32

SHGetSpecialFolderPathA

shlwapi

SHDeleteValueA
SHDeleteKeyA
SHGetValueA

user32

IsWindow
PostMessageA
EnumWindows
GetWindowThreadProcessId
EnableWindow
GetDlgItem
GetDlgItemTextA
DialogBoxParamA
EndDialog
FillRect
GetDC
MessageBoxA
GetClientRect
ReleaseDC
SetWindowTextA
UpdateWindow

Sections

UPX0
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1a14c8028188a4a4679a740270e10aef

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

shell32

shlwapi

user32

Sections

UPX0 Size: 172KB - Virtual size: 172KB

.rsrc Size: 3KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB