efe96fe6c7129bd0e6b612d29cfc6658_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efe96fe6c7129bd0e6b612d29cfc6658_JaffaCakes118
Size

420KB
MD5

efe96fe6c7129bd0e6b612d29cfc6658
SHA1

dcdfb31292ed7c03bb5589cadf7fce3eaefdc060
SHA256

e4d5f5946ade3993b5267ed10e336e29364dbed02a1eeab36410321ea6a1e3a4
SHA512

5b458fbef0de184c84491662faefa2f2c3a6e59512b565a98e6aeabfc8740ee197518fdd08211ff19e77d039f8a80ed5e72071a07e699f1d45b14cdc374df274
SSDEEP

6144:HJRbAmfejcwRsz9ep5qDbO/bWBuNBXYAiLJdFEPQYkSna4rk1Rp2yn:pQcPz9epge/6BuIAilEPnJY7Eg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efe96fe6c7129bd0e6b612d29cfc6658_JaffaCakes118

Files

efe96fe6c7129bd0e6b612d29cfc6658_JaffaCakes118
.exe windows:4 windows x86 arch:x86

95458d703b809777000690271163e1b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\My Documents\projects\Ai Suite\CPU level up help\CpuLevelUpHook32\CpuLevelUpHook32\CpuLevelUpHook32\Release\CpuLevelUpHook32.pdb

Imports

kernel32

GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
GetFileTime
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
SetErrorMode
lstrlenA
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
InterlockedIncrement
FormatMessageW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalFlags
MulDiv
GetModuleHandleA
InterlockedDecrement
GlobalFindAtomW
CompareStringW
GetVersionExA
GlobalUnlock
lstrlenW
WritePrivateProfileStringW
FreeResource
GlobalFree
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomW
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
WideCharToMultiByte
CompareStringA
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GetModuleHandleW
GetModuleFileNameA
FreeLibrary
OutputDebugStringW
GetProcAddress
QueryPerformanceCounter
LoadLibraryA

user32

UnregisterClassW
RegisterClipboardFormatW
PostThreadMessageW
CopyAcceleratorTableW
CharNextW
ReleaseCapture
SetCapture
LoadCursorW
GetSysColorBrush
CharUpperW
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
GetCapture
IsRectEmpty
EnableMenuItem
CheckMenuItem
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
PostMessageW
PostQuitMessage
GetClientRect
GetSystemMetrics
SendMessageW
EnableWindow
IsIconic
LoadIconW
DrawIcon
UnregisterClassA

gdi32

ExtSelectClipRgn
DeleteDC
Escape
GetStockObject
GetDeviceCaps
GetBkColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtTextOutW
TextOutW
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetTextColor
CreateBitmap
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysStringLen
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

95458d703b809777000690271163e1b5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 204KB - Virtual size: 201KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 40KB - Virtual size: 36KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 204KB - Virtual size: 201KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 40KB - Virtual size: 36KB

.UPX0
Size: 108KB - Virtual size: 260KB