5f350f835d69694a52034e27368bd11f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f350f835d69694a52034e27368bd11f_JaffaCakes118
Size

1.5MB
MD5

5f350f835d69694a52034e27368bd11f
SHA1

c44793f8a5c3b602683c7ff7503fadab0c76e44b
SHA256

eae2c27ee62f73e9c9195e71204e2d4f2787e6231cefcce70259464d6fbac6cc
SHA512

7cacee45091594b39353f7f6d4f176824155ee053898b13aece12e6b6d1939ec2587c29510ef9ebe9809764fe8366fd99e6d5aeeb89e78925da1800cdd7e18f0
SSDEEP

24576:ez+V3WjGpEF8hxNCPlmreUoe/MeEnWUwJ0dKjMAD0Y4YJXdz:ezsDjhxNQRyUtWUUMAYYjz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/One_Hit_kill/wpeproalpha0_9a/convertor.exe	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/One_Hit_kill/wpeproalpha0_9a/PermEdit.exe
unpack001/One_Hit_kill/wpeproalpha0_9a/convertor.exe
unpack001/One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/Explorer.exe
unpack001/One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/fmod.dll
unpack001/One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/smk_Edit.exe

Files

5f350f835d69694a52034e27368bd11f_JaffaCakes118
.rar
One_Hit_kill/1.txt
One_Hit_kill/Instruction.txt
One_Hit_kill/wpe_video/Thumbs.db
One_Hit_kill/wpe_video/wpe.avi
One_Hit_kill/wpeproalpha0_9a/PermEdit.exe
.exe windows:4 windows x86 arch:x86

dd1a26fe6b1fb0279af5964ce3367763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegOpenKeyExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

gdi32

CreateSolidBrush
DeleteObject
GetStockObject
SetBkColor
SetBkMode
SetTextColor
MoveToEx

kernel32

CloseHandle
EnumResourceNamesA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
OpenProcess
RtlMoveMemory
Process32First
Process32Next
CreateToolhelp32Snapshot

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CheckRadioButton
ClientToScreen
CreateDialogIndirectParamA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
DrawMenuBar
EnableWindow
EndDialog
GetClassNameA
GetClientRect
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetMenu
GetMenuItemInfoA
GetSysColor
GetSysColorBrush
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InsertMenuItemA
IsDialogMessageA
IsWindow
LoadImageA
MapDialogRect
MessageBoxA
PeekMessageA
PostMessageA
RedrawWindow
ScreenToClient
SendMessageA
SetCursor
SetFocus
SetMenu
SetMenuItemInfoA
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
DialogBoxParamA
GetWindow

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
One_Hit_kill/wpeproalpha0_9a/convertor.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 308KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 160KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
One_Hit_kill/wpeproalpha0_9a/help.txt
One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/Explorer.exe
.exe windows:4 windows x86 arch:x86

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress

Sections

��t
Size: - Virtual size: 988KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��ta
Size: 369KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

��a
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/fmod.dll
.dll windows:4 windows x86 arch:x86

c8bf43826d3943b2eea961ec88d9c3f0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
InterlockedIncrement
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleA
CreateThread
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalUnlock
GlobalHandle
GlobalLock
GlobalAlloc
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
VirtualProtect
FlushInstructionCache
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
RtlUnwind
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc

user32

RegisterWindowMessageA
IsWindow
DefWindowProcA
DispatchMessageA
TranslateMessage
SendMessageA
DestroyWindow
UnregisterClassA
RegisterClassA
MessageBoxA
CreateWindowExA
GetMessageA

wsock32

ntohs
inet_addr
getpeername
getsockname
send

Exports

Exports

GetFilterState
SetClientHwnd
SetFilter
SetFilterState
SetLoggingActi
SetTargetPid

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WPEPRO_
Size: 120KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
One_Hit_kill/wpeproalpha0_9a/БЕЗ ПАЛЕВА/smk_Edit.exe
.exe windows:4 windows x86 arch:x86

dd1a26fe6b1fb0279af5964ce3367763

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegOpenKeyExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

gdi32

CreateSolidBrush
DeleteObject
GetStockObject
SetBkColor
SetBkMode
SetTextColor
MoveToEx

kernel32

CloseHandle
EnumResourceNamesA
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
LoadLibraryA
MultiByteToWideChar
ReadFile
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile
OpenProcess
RtlMoveMemory
Process32First
Process32Next
CreateToolhelp32Snapshot

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

CheckRadioButton
ClientToScreen
CreateDialogIndirectParamA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
DrawMenuBar
EnableWindow
EndDialog
GetClassNameA
GetClientRect
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetMenu
GetMenuItemInfoA
GetSysColor
GetSysColorBrush
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InsertMenuItemA
IsDialogMessageA
IsWindow
LoadImageA
MapDialogRect
MessageBoxA
PeekMessageA
PostMessageA
RedrawWindow
ScreenToClient
SendMessageA
SetCursor
SetFocus
SetMenu
SetMenuItemInfoA
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
TrackPopupMenu
TranslateMessage
DialogBoxParamA
GetWindow

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
One_Hit_kill/~$ИД.doc
One_Hit_kill/ИД.doc
.doc windows office2003

Sharing

General

Malware Config

Signatures

Files

dd1a26fe6b1fb0279af5964ce3367763

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

user32

Sections

.text Size: 18KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 1KB

.link Size: 3KB - Virtual size: 2KB

.rloc Size: 512B - Virtual size: 508B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 308KB

UPX1 Size: 160KB - Virtual size: 164KB

.rsrc Size: 7KB - Virtual size: 8KB

87bed5a7cba00c7e1f4015f1bdae2183

Headers

File Characteristics

Imports

kernel32

Sections

����t Size: - Virtual size: 988KB

����ta Size: 369KB - Virtual size: 372KB

����a Size: 512B - Virtual size: 4KB

c8bf43826d3943b2eea961ec88d9c3f0

Headers

File Characteristics

Imports

kernel32

user32

wsock32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 13KB

.WPEPRO_ Size: 120KB - Virtual size: 118KB

.reloc Size: 8KB - Virtual size: 5KB

dd1a26fe6b1fb0279af5964ce3367763

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

user32

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 4KB

.link Size: 4KB - Virtual size: 4KB

.rloc Size: 4KB - Virtual size: 4KB

.aspack Size: 8KB - Virtual size: 8KB

.text
Size: 18KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 3KB - Virtual size: 2KB

.rloc
Size: 512B - Virtual size: 508B

UPX0
Size: - Virtual size: 308KB

UPX1
Size: 160KB - Virtual size: 164KB

.rsrc
Size: 7KB - Virtual size: 8KB

��t
Size: - Virtual size: 988KB

��ta
Size: 369KB - Virtual size: 372KB

��a
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 13KB

.WPEPRO_
Size: 120KB - Virtual size: 118KB

.reloc
Size: 8KB - Virtual size: 5KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 4KB

.link
Size: 4KB - Virtual size: 4KB

.rloc
Size: 4KB - Virtual size: 4KB

.aspack
Size: 8KB - Virtual size: 8KB