425135195505998b9407a9cc0dc9e8e6_JaffaCakes118

General

Target

425135195505998b9407a9cc0dc9e8e6_JaffaCakes118
Size

23KB
MD5

425135195505998b9407a9cc0dc9e8e6
SHA1

57ca8431bf77b6eef9c96a12afadc680f5e5a5b0
SHA256

db7e34d4decc6f9c1cc9336e0229f6e0994d525a62c0f324c7248d0f5af2e9ca
SHA512

78f72cfdb93939963e180c7708b7b4b0607b52434b21cad89a3f19f7422f5903420ad0ea217b2d69326ecc593618215fa93e5a2930337dcc9e1ba04c5e333ef6
SSDEEP

192:qVp4dGnTJjUE7VEbmhiXMTxbVNrkP+fjC1Iz3cK2O0WDf:qV7BUE7VEXGV1kP+q43cPf0f

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
425135195505998b9407a9cc0dc9e8e6_JaffaCakes118

Files

425135195505998b9407a9cc0dc9e8e6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e635ae957a8d004f945904b4bcb8802a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
CreateEventA
ReadFile
GetFileSize
_llseek
TerminateProcess
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
GetModuleHandleA
GetStartupInfoA
GetShortPathNameA
lstrcpyA
lstrcatA
GetEnvironmentVariableA
GetLastError
CreateFileA
WriteFile
CloseHandle
TerminateThread
GetTickCount
SetEvent
ExitThread
OpenProcess
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
DeleteFileA
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
Process32Next

advapi32

RegSetValueExA
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA
RegCloseKey
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA
RegQueryValueExA
CryptCreateHash

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??3@YAXPAX@Z
memset
_except_handler3
_local_unwind2
strcpy
strstr
strcat
strlen
sprintf
memcmp
strncpy
strcmp
__CxxFrameHandler
toupper
tolower

shell32

ShellExecuteA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e635ae957a8d004f945904b4bcb8802a

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

shell32

Sections

UPX0 Size: 20KB - Virtual size: 20KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 20KB - Virtual size: 20KB

.avc
Size: 2KB - Virtual size: 4KB