e88ac818bbf5d575dc2c4971f59c8a53_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e88ac818bbf5d575dc2c4971f59c8a53_JaffaCakes118
Size

298KB
MD5

e88ac818bbf5d575dc2c4971f59c8a53
SHA1

0f2ca16a1cb4591dfc8d1f9d4d166908f8c3d84f
SHA256

e2c7c073568ece0c0fa605abcca9213c80dd488fcbc79420cf89c8a8fde90fc4
SHA512

e375a720d0522dec337fec1079e7188f4e290c1d2d7b30bb69e95c6ecd749965f2772abfdda99b64d787c7472362972c1a8d9e7084b0ec5d17d99339c52cdc92
SSDEEP

6144:FXB6S0K/LiAEomH7TM6ZskDkFeL+grjndmDwztR6BjCZs12zcaUNCo+YID0:/7/lVmHMWwcL+yndgktRd0I1KCBYID0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/2.exe	upx
static1/unpack001/9.exe	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/1.exe
unpack001/2.exe
unpack002/out.upx
unpack001/3.EXE
unpack001/4.exe
unpack001/5.exe
unpack001/6.exe
unpack001/7.exe
unpack001/8.exe
unpack001/9.exe
unpack003/out.upx

Files

e88ac818bbf5d575dc2c4971f59c8a53_JaffaCakes118
.zip
1.exe
.exe windows:4 windows x86 arch:x86

79b3362178937bf9559741c46bb9e035

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress

Sections

.text
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 982B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 520B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
2.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
3.EXE
.exe windows:1 windows x86 arch:x86

de5bce7c86daaadfdced7c5880c56d53

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
CreateProcessA
CloseHandle
ExitProcess
WriteProcessMemory
GetModuleHandleA
OpenProcess

user32

EndPaint
DialogBoxParamA
DefWindowProcA
BeginPaint
LoadIconA
SetTimer
GetAsyncKeyState
GetWindowThreadProcessId
GetSysColor
GetDlgItem
LoadBitmapA
SendMessageA
MessageBoxA

gdi32

SetTextColor
SetBkColor
GetStockObject

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
4.exe
.exe windows:4 windows x86 arch:x86

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetAsyncKeyState
SendMessageA
MessageBoxA
GetDlgItem
SetFocus
DialogBoxParamA
SetTimer

kernel32

WriteProcessMemory
GetModuleHandleA
CreateProcessA
ExitProcess

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

LoadLi
Size: 4KB - Virtual size: 1830.1MB

Size: 56KB - Virtual size: 4B

��
Size: - Virtual size:
6.exe
.exe windows:4 windows x86 arch:x86

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetAsyncKeyState
SendMessageA
MessageBoxA
GetDlgItem
SetFocus
DialogBoxParamA
SetTimer

kernel32

WriteProcessMemory
GetModuleHandleA
CreateProcessA
ExitProcess

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
7.exe
.exe windows:4 windows x86 arch:x86

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetAsyncKeyState
SendMessageA
MessageBoxA
GetDlgItem
SetFocus
DialogBoxParamA
SetTimer

kernel32

WriteProcessMemory
GetModuleHandleA
CreateProcessA
ExitProcess

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
8.exe
.exe windows:4 windows x86 arch:x86

297b868068d1d25c8c3f719bc4b9c6db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\C++\Trainer\Empire Earth II\Release\PRETRAINER.pdb

Imports

kernel32

GetStringTypeA
VirtualQuery
InterlockedExchange
RtlUnwind
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
HeapAlloc
GetCPInfo
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
VirtualProtect
lstrlenA
OpenProcess
WriteProcessMemory
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
LoadLibraryA
GetACP
GetOEMCP
GetSystemInfo

user32

DialogBoxParamA
GetClientRect
FillRect
SendMessageA
BeginPaint
LoadBitmapA
EndPaint
LoadIconA
SetTimer
GetDC
ReleaseDC
GetAsyncKeyState
GetCursorPos
SetWindowPos
GetWindowRect
SetWindowPlacement
KillTimer
PostQuitMessage
FindWindowA
GetWindowThreadProcessId

gdi32

SetBkColor
TextOutA
CreateFontA
CreateBrushIndirect
DeleteObject
CreatePen
SelectObject
MoveToEx
LineTo
CreateSolidBrush
SetBkMode
CreateCompatibleDC
GetObjectA
StretchBlt
DeleteDC
SetTextColor

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

79b3362178937bf9559741c46bb9e035

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 1KB

.rdata Size: - Virtual size: 982B

.data Size: - Virtual size: 520B

.rsrc Size: 2KB - Virtual size: 42KB

Size: 12KB - Virtual size: 21KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 108KB

UPX1 Size: 28KB - Virtual size: 28KB

.rsrc Size: 3KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 660B

.data Size: 10KB - Virtual size: 20KB

.rsrc Size: 94KB - Virtual size: 93KB

de5bce7c86daaadfdced7c5880c56d53

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

CODE Size: 1KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.rsrc Size: 156KB - Virtual size: 156KB

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 370B

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 27KB - Virtual size: 27KB

Headers

File Characteristics

Sections

LoadLi Size: 4KB - Virtual size: 1830.1MB

Size: 56KB - Virtual size: 4B

���� Size: - Virtual size:

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 370B

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 77KB - Virtual size: 77KB

a3dc189d70fbe60fd96f48ceea8cdbe9

Headers

File Characteristics

Imports

user32

kernel32

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 370B

.data Size: 1024B - Virtual size: 1KB

.text
Size: - Virtual size: 1KB

.rdata
Size: - Virtual size: 982B

.data
Size: - Virtual size: 520B

.rsrc
Size: 2KB - Virtual size: 42KB

UPX0
Size: - Virtual size: 108KB

UPX1
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 3KB - Virtual size: 4KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 660B

.data
Size: 10KB - Virtual size: 20KB

.rsrc
Size: 94KB - Virtual size: 93KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

.rsrc
Size: 156KB - Virtual size: 156KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 370B

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 27KB - Virtual size: 27KB

LoadLi
Size: 4KB - Virtual size: 1830.1MB

��
Size: - Virtual size:

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 370B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 77KB - Virtual size: 77KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 370B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 77KB - Virtual size: 77KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: - Virtual size: 52KB

UPX1
Size: 21KB - Virtual size: 24KB

.rsrc
Size: 23KB - Virtual size: 24KB

.text
Size: 1024B - Virtual size: 780B

.rdata
Size: 512B - Virtual size: 370B

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 55KB - Virtual size: 54KB