543b6bf28b749331ce95bfeff2352c72_JaffaCakes118

General

Target

543b6bf28b749331ce95bfeff2352c72_JaffaCakes118
Size

23KB
MD5

543b6bf28b749331ce95bfeff2352c72
SHA1

401bcaae9ea615ae89eca2ed0a5c66c016b48fae
SHA256

ef662deef9dfae35ed5109b1fd36cbd65469c80a68917fd9ac047dc4785eade9
SHA512

60991bab1ed7b5eee8e1dc53392e657eda4a758d27497aaa9ad82618d1f11df2ace5fec79b92bb44e788ca1e474be19840732df0342f83ca482c14b0d2d5535d
SSDEEP

192:/r5L0aYbk/hDR2dhi6eg8FbyFmLlX8V4jsI+XKZt0WBU:/pemkjezmFgldsjXqmMU

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
543b6bf28b749331ce95bfeff2352c72_JaffaCakes118

Files

543b6bf28b749331ce95bfeff2352c72_JaffaCakes118
.exe windows:4 windows x86 arch:x86

89a5d97fd53c349d72bda6394e232491

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
GetPrivateProfileStructA
WritePrivateProfileStructA
GetSystemTimeAsFileTime
ReadFile
GetFileSize
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
GetModuleHandleA
GetStartupInfoA
WaitForSingleObject
TerminateThread
GetTickCount
SetEvent
ExitThread
TerminateProcess
GetShortPathNameA
lstrcpyA
lstrcatA
GetEnvironmentVariableA
GetLastError
CreateFileA
WriteFile
CloseHandle
OpenProcess
GetModuleFileNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetWindowsDirectoryA
GetSystemDirectoryA
FindFirstFileA
DeleteFileA
Sleep
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
_llseek

advapi32

CryptCreateHash
CryptHashData
CryptReleaseContext
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegQueryValueExA
CryptAcquireContextA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??3@YAXPAX@Z
memset
_except_handler3
_local_unwind2
strcpy
strcat
strlen
sprintf
memcpy
memcmp
__CxxFrameHandler
toupper
tolower

shell32

ShellExecuteA

Sections

UPX0
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

89a5d97fd53c349d72bda6394e232491

Headers

File Characteristics

Imports

kernel32

advapi32

msvcrt

shell32

Sections

UPX0 Size: 20KB - Virtual size: 20KB

.rsrc Size: 512B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 512B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB