f2b5439763b17cc582c9d59775cf46fa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2b5439763b17cc582c9d59775cf46fa_JaffaCakes118
Size

189KB
MD5

f2b5439763b17cc582c9d59775cf46fa
SHA1

699657e4e826a515479ae3d545dbe79641a83ff1
SHA256

a41f4b39348d63d67543fd88cf900616893b57bc39c019196b32ce08e453c334
SHA512

52554acfb67210bb28fa8cbaa0ac1ed88950a8bdb88fd2f3f63b608f135d36442cc9585d2964ac84f025dfdcae30e4f28d6e4ca1b135018c2ccc03e5ad8936db
SSDEEP

3072:gRq4X6zBQmpdQKpiffn2E/bxS67VuT/YtmVeKXosa5WKGQd/:gYJhlpEnXNYAoVItWKG8/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2b5439763b17cc582c9d59775cf46fa_JaffaCakes118

Files

f2b5439763b17cc582c9d59775cf46fa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ec7472e7b6b37fd6f942993674bbe7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegSetValueExW
SetServiceStatus
RegEnumKeyExW
QueryTraceW
CreateProcessAsUserW
UpdateTraceW
DeregisterEventSource
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StopTraceW
EnableTrace
StartTraceW
WmiNotificationRegistrationW

kernel32

FormatMessageW
LoadLibraryW
lstrcpyW
HeapFree
lstrlenW
HeapAlloc
GetProcessHeap
CloseHandle
GetLastError
CreateFileW
SetErrorMode
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
lstrcmpiW
CreateDirectoryW
GetFullPathNameW
lstrcpynW
CreateProcessW
SetEvent
CreateThread
CreateEventW
GetSystemTimeAsFileTime
DeleteCriticalSection
FreeLibrary
ResetEvent
Sleep
InitializeCriticalSection
GetModuleHandleW
lstrcatW
SetLastError
SetThreadPriority
GetCurrentThread
GetModuleHandleA
GetCommandLineA
GetVersionExA
WideCharToMultiByte
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
SetFilePointer
SetStdHandle
FlushFileBuffers
WaitForMultipleObjects

user32

LoadStringW

ntdll

NtWaitForSingleObject
NtWaitForMultipleObjects

netapi32

NetMessageBufferSend

shlwapi

ord439

pdh

PdhPlaGetLogFileNameW
PdhPlaGetInfoW
PdhiPlaRunAs
PdhSetDefaultRealTimeDataSource
PdhAddCounterW
PdhAdd009CounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhOpenQueryH
PdhGetLogFileSize
PdhCloseLog
PdhUpdateLogW
PdhOpenLogW
PdhExpandWildCardPathW
PdhParseCounterPathW
PdhiPlaFormatBlanksW

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ec7472e7b6b37fd6f942993674bbe7f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

ntdll

netapi32

shlwapi

pdh

Sections

.text Size: 59KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 18KB - Virtual size: 17KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 59KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 18KB - Virtual size: 17KB

.UPX0
Size: 108KB - Virtual size: 260KB