42d477804638ec35b40de2bda2450e44_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42d477804638ec35b40de2bda2450e44_JaffaCakes118
Size

164KB
MD5

42d477804638ec35b40de2bda2450e44
SHA1

c845ae5b0d346bed4f4ec27616ffc281de36dd07
SHA256

fb0a7cb8aa21cabc9f4139ed6015376351fbebd9fa05b9dd507085f5cb8729f9
SHA512

d8766b17732d3f348e22931858cce69ea40dbe360cab8276701abbf162cae56c87f6dfa9511338010b5a8a66dbc6d5650618102f87916c9901cdafe09d294079
SSDEEP

3072:ZXsAtEQGAvO7EHkAC0An5d+I9VtNIRxUI9:ZcgE3AnOGTxV9

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42d477804638ec35b40de2bda2450e44_JaffaCakes118

Files

42d477804638ec35b40de2bda2450e44_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3df01a27204419a7c09c6712aaf2e54f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetPrivateProfileStringA
lstrcpynA
GetVersionExA
SetWaitableTimer
ReadFile
CloseHandle
CreateFileA
SetEndOfFile
GetSystemInfo
WaitForSingleObject
Sleep
GetSystemDirectoryA
CreateProcessA
GetSystemTime
GetPrivateProfileIntA
WritePrivateProfileStringA
SetCurrentDirectoryA
WriteFile
GetModuleFileNameA
VirtualProtect
GetLocaleInfoA
VirtualQuery
InterlockedExchange
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
GetModuleHandleA
GetACP
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetFilePointer
LCMapStringA
LCMapStringW
SetStdHandle
FlushFileBuffers
IsBadCodePtr

advapi32

RegQueryValueExA
RegCloseKey
OpenSCManagerA
OpenServiceA
CloseServiceHandle
ControlService
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA
RegOpenKeyExA

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetGetConnectedState

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3df01a27204419a7c09c6712aaf2e54f

Headers

File Characteristics

Imports

kernel32

advapi32

wininet

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 10KB

.sxdata Size: 4KB - Virtual size: 48B

.rsrc Size: 4KB - Virtual size: 736B

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 10KB

.sxdata
Size: 4KB - Virtual size: 48B

.rsrc
Size: 4KB - Virtual size: 736B

.UPX0
Size: 108KB - Virtual size: 260KB