39987fe6d209a385afa0497479ad43d2_JaffaCakes118

General

Target

39987fe6d209a385afa0497479ad43d2_JaffaCakes118
Size

1.1MB
MD5

39987fe6d209a385afa0497479ad43d2
SHA1

26a57503461e4ce693ade5921f61f827bb8ae086
SHA256

e7c914e5ad586774f959125eca3df05fc07eb61beb0d145968c8361082a90ca5
SHA512

07c4af074589dd1962c2be66779b71eaac6757829f4dc662ab2f7835b47166f67dae295b1b04308c5a37fac31c55a6ee008de095dcea93e6499411d34d0ce7a5
SSDEEP

24576:GDTKk96eTPzBcTOE6IY02lSLxCSUsjcWWvvpoGvYHtFz16hz:GHKyXzB8Opp0tL0swWWhoZ8h

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39987fe6d209a385afa0497479ad43d2_JaffaCakes118

Files

39987fe6d209a385afa0497479ad43d2_JaffaCakes118
.dll windows:5 windows x86 arch:x86

22d0241c26d944c3aab14f04ee9b0ed9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

user32

SetWindowsHookExA

msvcr90

strncpy

advapi32

OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

Exports

Exports

GetDllVersion
VulanHookDll
VulanUnHookDll

Sections

.text
Size: - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dat
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

22d0241c26d944c3aab14f04ee9b0ed9

Headers

File Characteristics

Imports

kernel32

user32

msvcr90

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 77KB

.rdata Size: - Virtual size: 6KB

.data Size: - Virtual size: 386KB

.dat Size: 512B - Virtual size: 240B

.UPX0 Size: - Virtual size: 1.1MB

.UPX1 Size: 1.1MB - Virtual size: 1.1MB

.reloc Size: 512B - Virtual size: 260B

.rsrc Size: 1024B - Virtual size: 686B

.text
Size: - Virtual size: 77KB

.rdata
Size: - Virtual size: 6KB

.data
Size: - Virtual size: 386KB

.dat
Size: 512B - Virtual size: 240B

.UPX0
Size: - Virtual size: 1.1MB

.UPX1
Size: 1.1MB - Virtual size: 1.1MB

.reloc
Size: 512B - Virtual size: 260B

.rsrc
Size: 1024B - Virtual size: 686B