fdaccf77fd4fa0b8232b4f27f105d457_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fdaccf77fd4fa0b8232b4f27f105d457_JaffaCakes118
Size

130KB
MD5

fdaccf77fd4fa0b8232b4f27f105d457
SHA1

a48fce1fd25ce722950ff79cceb84cc553805c18
SHA256

7491bd6503c5d8f5c995309a931cf12aff5a35398c815533fb84ad36f38586a7
SHA512

d92ba567651013ad249c24bcf86b7f3cb596c3e3eba64c6bbea90136e2b2ea45d7f0a5c4d036387698782de1eb0e8a8790d0dc70b011bcdefbcd798c2a32a948
SSDEEP

1536:u8hDVTt/bnc3I22me9+0js+A+7DFSTCvzS5+Hg1JllkHOQ/75tVRBt/:uKDEe9w8SOvzSN1JAHOk7XVRr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fdaccf77fd4fa0b8232b4f27f105d457_JaffaCakes118

Files

fdaccf77fd4fa0b8232b4f27f105d457_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

e91611d97d87312dfb44b4b7d774612d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
GetCommandLineA
ExitProcess
HeapSize
TerminateProcess
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetCurrentProcess
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetOEMCP
GetCPInfo
GlobalFlags
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
FreeLibrary
GlobalDeleteAtom
lstrcmpA
LoadLibraryA
SetErrorMode
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
lstrcpyA
lstrcatA
GetCurrentThreadId
CloseHandle
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
InterlockedIncrement
InterlockedDecrement
lstrlenA
lstrcmpiA
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetHandleCount
InterlockedExchange

comctl32

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtTextOutA

oleaut32

shell32

DoEnvironmentSubstA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA

urlmon

URLDownloadToFileA

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
DestroyMenu
MapWindowPoints
GetSysColor
GetSysColorBrush
PostMessageA
PostQuitMessage
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
SendMessageA
GetKeyState
PeekMessageA
ValidateRect
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UnregisterClassA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e91611d97d87312dfb44b4b7d774612d

Headers

File Characteristics

Imports

kernel32

comctl32

gdi32

oleaut32

shell32

shlwapi

urlmon

user32

winspool.drv

Exports

Exports

Sections

UPX0 Size: 124KB - Virtual size: 124KB

UPX2 Size: 1024B - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 124KB - Virtual size: 124KB

UPX2
Size: 1024B - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 8KB