96af3ed583a3d47b9e1225a351ffe268_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

96af3ed583a3d47b9e1225a351ffe268_JaffaCakes118
Size

763KB
MD5

96af3ed583a3d47b9e1225a351ffe268
SHA1

73dd6aaf7e562e235f07bcda329a81d10d6b7400
SHA256

9802fbf91878f527c6e2dbfa52f04a27589db200aea9871b474bdd61aacbadc0
SHA512

efeae0b1b14b1181552741bcf67d5041e355c8164476602efc0c6cfb2c3bead32752fc1037fba49da18bf579750408f2299f052bf44d0b55a3c6defbb2b24521
SSDEEP

12288:R1acFwCa+8FjGF/AL+wc+2INeZKjfGEAhUMuIPUSl2UUg78UeesI6wrP:7n+Ca7wo4zQEKjfGhUMHPTzAesbO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Win32Dircrypt.Trojan.Ransom.ABZ/119.executable	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Win32Dircrypt.Trojan.Ransom.ABZ/119.executable
unpack002/out.upx
unpack001/Win32Dircrypt.Trojan.Ransom.ABZ/119.unp
unpack001/Win32Dircrypt.Trojan.Ransom.ABZ/11fb52c96853e12f011b7b7894e9884e56eb5522
unpack001/Win32Dircrypt.Trojan.Ransom.ABZ/dircrypt.deobf

Files

96af3ed583a3d47b9e1225a351ffe268_JaffaCakes118
.zip

Password: infected
Win32Dircrypt.Trojan.Ransom.ABZ/109.png
.png
Win32Dircrypt.Trojan.Ransom.ABZ/110.rtf
.rtf
Win32Dircrypt.Trojan.Ransom.ABZ/119.executable
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32Dircrypt.Trojan.Ransom.ABZ/119.unp
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32Dircrypt.Trojan.Ransom.ABZ/11fb52c96853e12f011b7b7894e9884e56eb5522
.exe windows:4 windows x86 arch:x86

c79abeef43f264f745bb20039f3b5bd5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5076
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord4078
ord1776
ord4407
ord5240
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1726
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4432
ord303
ord825
ord813
ord800
ord5259
ord4723
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord3749
ord1727
ord4427
ord674
ord527
ord366
ord794
ord2252
ord5252
ord1133
ord3481
ord3797
ord4284
ord4612
ord4610
ord4274
ord4892
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord815
ord400
ord561
ord743
ord5500
ord6215
ord617
ord5301
ord5214
ord296
ord2036
ord986
ord520
ord4159
ord6117
ord1134
ord1199
ord1205
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5241
ord5280
ord5261
ord4425
ord3597
ord324
ord641
ord4234
ord1825
ord4238
ord2486
ord4003
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord1206
ord2623
ord338
ord1223
ord4823
ord1849
ord4244
ord2583
ord4403
ord5253
ord3998
ord1576
ord4370
ord4899
ord4588
ord4589
ord4272
ord1942
ord6375
ord823
ord1168

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
__setusermatherr

kernel32

VirtualAlloc
GetTickCount
CreateFileA
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
Sleep

user32

SendMessageA
EnableWindow
UpdateWindow

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 484B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 460KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Win32Dircrypt.Trojan.Ransom.ABZ/121.jpg
.jpg
Win32Dircrypt.Trojan.Ransom.ABZ/122.txt
Win32Dircrypt.Trojan.Ransom.ABZ/dircrypt.deobf
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 22KB - Virtual size: 24KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 548B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 552B

c79abeef43f264f745bb20039f3b5bd5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 484B

.rsrc Size: 460KB - Virtual size: 456KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 88KB - Virtual size: 84KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 200KB - Virtual size: 198KB

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 22KB - Virtual size: 24KB

.rsrc
Size: 1024B - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 548B

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 552B

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 484B

.rsrc
Size: 460KB - Virtual size: 456KB

.text
Size: 88KB - Virtual size: 84KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 200KB - Virtual size: 198KB