f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118
Size

261KB
MD5

f8ed30e4a37ce22826a8698eeaaac42a
SHA1

dd6b782578e3747e0bbfca5513e2ee76c01cab4b
SHA256

0c35798e10c5d1fd5e9ce2489a413a58c72ece346a1b32c4784b2853eaeff70c
SHA512

41033b32f49012564f666c09c52d4218b5db0e80b1f2fd7239d585915da75a85a109d450ce43d7b9db1ab146d0e1c987a35c9dde744f726df27d200341df2ad6
SSDEEP

6144:IayqTuLw5F88SgCpsS1EbAD7im4vpDVL7RQQZQf6KAe8ihh:yCua88SEjbEwvpZBZQfZhh

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118

Files

f8ed30e4a37ce22826a8698eeaaac42a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
FreeLibrary
GetModuleHandleA
InitializeCriticalSection
GetLocalTime
GetCurrentProcessId
GetCurrentThreadId
GetCurrentDirectoryA
CreateMutexA
LocalFree
GetVersionExA
GetLastError
LoadLibraryA
WaitForSingleObject
ExitProcess
RaiseException
QueryPerformanceCounter
GetTickCount
HeapCreate
IsBadWritePtr
TlsAlloc
SetUnhandledExceptionFilter
GetACP
GetOEMCP
GetCPInfo
GetCurrentProcess
GetStartupInfoA
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetSystemInfo
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateDirectoryA
GetProcAddress

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
GetSidLengthRequired
InitializeAcl
InitializeSid
GetSidSubAuthority
AddAccessAllowedAce
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

shell32

SHGetFolderPathA

msasn1

ASN1BEREncCheck
ASN1BERDecGeneralizedTime
ASN1_GetEncoderOption
ASN1BEREncLength
ASN1BERDecBool
ASN1BERDecSXVal
ASN1BEREncChar16String
ASN1BERDecCharString
ASN1BEREncChar32String
ASN1char32string_free
ASN1BEREncCharString
ASN1CEREncUTCTime
ASN1BERDecNull
ASN1_SetDecoderOption
ASN1bitstring_cmp
ASN1char32string_cmp
ASN1_CreateEncoder
ASN1BERDecLength
ASN1BEREncOpenType
ASN1BEREncSX

msident

DllGetClassObject

Sections

UPX1
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 86KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxVhJ
Size: 4KB - Virtual size: 943KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 131KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

daaa849a0f5684c1f3f8f8d49dbe9af0

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

msasn1

msident

Sections

UPX1 Size: 7KB - Virtual size: 7KB

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 2KB - Virtual size: 4KB

.edata Size: 86KB - Virtual size: 134KB

.gxVhJ Size: 4KB - Virtual size: 943KB

.data Size: 8KB - Virtual size: 255KB

.edata Size: 131KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 2KB

UPX1
Size: 7KB - Virtual size: 7KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 2KB - Virtual size: 4KB

.edata
Size: 86KB - Virtual size: 134KB

.gxVhJ
Size: 4KB - Virtual size: 943KB

.data
Size: 8KB - Virtual size: 255KB

.edata
Size: 131KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 2KB