PDB path: c:\r11.0-trunk\Source\Release\SetDefaultProvider.pdb

Behavioral task: behavioral1
  Sample: 050ce1eb19ff402c4ffb9f681fab3fac_JaffaCakes118.exe
  Resource: win7-20240611-en

Behavioral task: behavioral2
  Sample: 050ce1eb19ff402c4ffb9f681fab3fac_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
- Target: 050ce1eb19ff402c4ffb9f681fab3fac_JaffaCakes118
- Size: 160KB
- MD5: 050ce1eb19ff402c4ffb9f681fab3fac
- SHA1: cf39fef70912f819db59bfdd231dabe6940bd78e
- SHA256: fc77b3c02c5386b471a15f23b7500516a29bb3375afc7cd12f377fc407b8f87d
- SHA512: 1816a7b239d1d6d147b603cbcde6f2078d19446158b94ba27eb90cb44aa286b9f3cd43b9ffa1aff12a96ad7e1f5bdeb6bf61878b94317cb307cadc09e6cfe4fd
- SSDEEP: 3072:NaiZiY/6FdAOj5xBSn2ann/wJQuflxs7NZERShzVYq0+7BEldits3zIVGr1:PV0lO6fs7QwhhYtD3zIwr1
Malware Config
Signatures
- YARA rule matches
  resource: sample   yara_rule: upx
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 050ce1eb19ff402c4ffb9f681fab3fac_JaffaCakes118
Files
-
050ce1eb19ff402c4ffb9f681fab3fac_JaffaCakes118.exe windows:4 windows x86 arch:x86
5f9caa0c919567cb9be7d953969acb0f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc70
ord3140
ord512
ord698
ord546
ord532
ord561
ord528
ord977
ord705
ord1870
ord3445
ord4958
ord3993
ord4516
ord4671
ord4361
ord1523
ord1522
ord1403
ord5666
ord1472
ord1469
ord3748
ord1272
ord4025
ord4933
ord1760
ord4854
ord5989
ord3966
ord4975
ord3208
ord4503
ord4063
ord1452
ord5714
ord812
ord817
ord821
ord819
ord823
ord2239
ord2223
ord2242
ord2237
ord2214
ord2216
ord2234
ord2026
ord2020
ord1377
ord5993
ord3610
ord5991
ord3152
ord4042
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2675
ord4267
ord4043
ord2990
ord300
ord2012
ord1081
ord1077
ord2200
ord1755
ord1936
ord1397
ord5669
ord1273
ord4013
ord4986
ord2799
ord2972
ord518
ord1781
ord1344
ord3884
ord1939
ord1399
ord4015
ord2979
ord1406
ord3003
ord956
ord957
ord982
ord1646
ord4530
ord650
ord447
ord257
ord256
ord5815
ord3565
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord4262
ord3751
ord2461
ord3513
ord3523
ord3522
ord2352
ord2463
ord2359
ord2651
ord2529
ord4088
ord2648
ord2546
ord2356
ord5322
ord4985
ord5002
ord4349
ord3750
ord2096
ord4998
ord4996
ord2741
ord1770
ord3640
ord5152
ord5933
ord4883
ord899
ord3614
ord5339
ord1868
ord1913
ord4107
ord5990
ord3609
ord5992
ord3814
ord3832
ord3487
ord4748
ord4322
ord1097
msvcr70
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__security_error_handler
_onexit
__dllonexit
_setmbcp
__CxxFrameHandler
_mbscmp
_controlfp
_vscprintf
vsprintf
malloc
free
sprintf
kernel32
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
GetProcAddress
GetThreadLocale
FreeLibrary
ExitProcess
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetLastError
user32
MessageBoxA
GetSystemMetrics
EnableWindow
GetClientRect
IsIconic
SendMessageA
AppendMenuA
LoadIconA
DrawIcon
GetSystemMenu
advapi32
CryptAcquireContextA
CryptGetProvParam
CryptReleaseContext
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptSetProviderA
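The import list is the most informative static field in this report. advapi32's CryptAcquireContextA, CryptGetProvParam and CryptSetProviderA (the CryptoAPI call that sets the user's default CSP for a provider type) together with the RegOpenKeyExA/RegEnumKeyExA/RegQueryValueExA trio match the PDB file name SetDefaultProvider.pdb; reading that as "enumerate cryptographic service providers and set a default one" is an interpretation of the imports, not a report finding. Two things an analyst wants from a printed import list are a pefile-compatible import hash (imphash) without needing pefile or the sample, and a capability tagging of the APIs. The following Python is an added example, not part of the sandbox report: the import list is transcribed from the Imports block above in the order printed, and the capability groups are this example's own assumption about which APIs matter.

```python
"""Import-table triage for the report above (added example, not report output)."""
import hashlib

# Transcribed from the report. mfc70 is imported by ordinal only; "ordNNN"
# is also the spelling pefile's imphash uses for nameless imports of modules
# it has no ordinal table for (it only maps ws2_32, wsock32 and oleaut32).
MFC70_ORDINALS = """
3140 512 698 546 532 561 528 977 705 1870 3445 4958 3993 4516 4671 4361
1523 1522 1403 5666 1472 1469 3748 1272 4025 4933 1760 4854 5989 3966 4975
3208 4503 4063 1452 5714 812 817 821 819 823 2239 2223 2242 2237 2214 2216
2234 2026 2020 1377 5993 3610 5991 3152 4042 1234 4954 1814 1508 1507 1451
4972 2675 4267 4043 2990 300 2012 1081 1077 2200 1755 1936 1397 5669 1273
4013 4986 2799 2972 518 1781 1344 3884 1939 1399 4015 2979 1406 3003 956
957 982 1646 4530 650 447 257 256 5815 3565 5007 5005 2219 2229 2227 2225
2221 2244 2232 4262 3751 2461 3513 3523 3522 2352 2463 2359 2651 2529 4088
2648 2546 2356 5322 4985 5002 4349 3750 2096 4998 4996 2741 1770 3640 5152
5933 4883 899 3614 5339 1868 1913 4107 5990 3609 5992 3814 3832 3487 4748
4322 1097
""".split()

REPORT_IMPORTS = [
    ("mfc70", ["ord" + o for o in MFC70_ORDINALS]),
    ("msvcr70", """_except_handler3 __set_app_type __p__fmode __p__commode _adjust_fdiv
        __setusermatherr _initterm __getmainargs _amsg_exit _acmdln exit _cexit
        _XcptFilter _exit _c_exit __security_error_handler _onexit __dllonexit
        _setmbcp __CxxFrameHandler _mbscmp _controlfp _vscprintf vsprintf malloc
        free sprintf""".split()),
    ("kernel32", """GetLocaleInfoA GetACP InterlockedExchange LoadLibraryA GetProcAddress
        GetThreadLocale FreeLibrary ExitProcess GetModuleHandleA GetStartupInfoA
        QueryPerformanceCounter GetTickCount GetCurrentThreadId GetCurrentProcessId
        GetSystemTimeAsFileTime GetVersionExA SizeofResource LockResource
        LoadResource FindResourceA WideCharToMultiByte GetLastError""".split()),
    ("user32", """MessageBoxA GetSystemMetrics EnableWindow GetClientRect IsIconic
        SendMessageA AppendMenuA LoadIconA DrawIcon GetSystemMenu""".split()),
    ("advapi32", """CryptAcquireContextA CryptGetProvParam CryptReleaseContext
        RegOpenKeyExA RegEnumKeyExA RegQueryValueExA CryptSetProviderA""".split()),
]


def import_pairs(imports=REPORT_IMPORTS):
    """Flatten to (module, symbol) pairs in import-table order."""
    return [(dll, sym) for dll, syms in imports for sym in syms]


def imphash(pairs):
    """pefile-compatible import hash: 'module.symbol' entries lowercased,
    module extension (.dll/.ocx/.sys) stripped, comma-joined, MD5.
    Order-sensitive by design: the same APIs in another order hash
    differently, which is why imphash clusters builds rather than capabilities."""
    entries = []
    for dll, sym in pairs:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
                break
        entries.append(f"{dll}.{sym.lower()}")
    return hashlib.md5(",".join(entries).encode("ascii")).hexdigest()


# This example's grouping (an assumption, not a report field). The first group
# is what SetDefaultProvider.pdb and CryptSetProviderA together point at.
CAPABILITIES = {
    "cryptoapi-default-provider": {"CryptAcquireContextA", "CryptGetProvParam",
                                   "CryptReleaseContext", "CryptSetProviderA"},
    "registry-enumeration": {"RegOpenKeyExA", "RegEnumKeyExA", "RegQueryValueExA"},
    "dynamic-api-resolution": {"LoadLibraryA", "GetProcAddress", "FreeLibrary"},
    "embedded-resource-access": {"FindResourceA", "LoadResource", "LockResource",
                                 "SizeofResource"},
}


def capabilities(pairs):
    """Map capability tag -> sorted list of the imported APIs behind it."""
    present = {sym for _, sym in pairs}
    return {tag: sorted(present & apis)
            for tag, apis in CAPABILITIES.items() if present & apis}


if __name__ == "__main__":
    pairs = import_pairs()
    print(f"{len(pairs)} imports, imphash {imphash(pairs)}")
    for tag, apis in capabilities(pairs).items():
        print(f"  {tag}: {', '.join(apis)}")
```

The hash this computes depends on the transcription being complete and in the same order as the binary's import directory, so treat it as a value to compare against a pefile run on the sample, not as a replacement for one. The capability tags are a reading aid: LoadLibraryA/GetProcAddress and the resource APIs are also what an MFC application uses routinely, so they count as context for the UPX0 section rather than as indicators on their own.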
Sections
- .text    Size: 8KB    Virtual size: 7KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rdata   Size: 6KB    Virtual size: 5KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data    Size: 512B   Virtual size: 276B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc    Size: 1024B  Virtual size: 904B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- UPX0     Size: 144KB  Virtual size: 380KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
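The section table is where the yara `upx` match comes from: a section named UPX0 that is writable and executable and whose virtual size (380KB) is well above its on-disk size (144KB), which is the room a packer stub reserves for the code it unpacks. The following Python is an added example, not part of the sandbox report: the section data is transcribed from the Sections block above, and the three checks, the ratio threshold and the packer-name list are this example's own generic PE-triage assumptions.

```python
"""Section-table packer heuristics for the report above (added example)."""
KB = 1024
CODE, EXEC, READ, WRITE, IDATA = (
    "IMAGE_SCN_CNT_CODE", "IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_READ",
    "IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_CNT_INITIALIZED_DATA")

# (name, size on disk, virtual size when mapped, characteristics), from the report
REPORT_SECTIONS = [
    (".text", 8 * KB, 7 * KB, {CODE, EXEC, READ, WRITE}),
    (".rdata", 6 * KB, 5 * KB, {IDATA, READ}),
    (".data", 512, 276, {IDATA, READ, WRITE}),
    (".rsrc", 1024, 904, {IDATA, READ}),
    ("UPX0", 144 * KB, 380 * KB, {CODE, EXEC, READ, WRITE}),
]

# Section names left by common packers (assumption: a curated, partial list).
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata",
                        ".MPRESS1", ".MPRESS2", ".petite", ".vmp0", ".vmp1",
                        ".themida"}


def section_findings(sections, inflate_ratio=2.0):
    """Return {name: [reasons]} for every section that trips a heuristic.
    inflate_ratio: how much larger the mapped size may be than the on-disk
    size before the gap is treated as room reserved for unpacked code."""
    findings = {}
    for name, raw, virt, flags in sections:
        reasons = []
        if name in PACKER_SECTION_NAMES:
            reasons.append("packer section name")
        if raw == 0 and virt > 0:
            reasons.append("no bytes on disk but mapped in memory")
        elif raw and virt / raw >= inflate_ratio:
            reasons.append(f"virtual size is {virt / raw:.1f}x raw size")
        if WRITE in flags and EXEC in flags:
            reasons.append("writable and executable")
        if reasons:
            findings[name] = reasons
    return findings


def packer_verdict(sections):
    """'likely packed' when a packer name or an inflated/empty-on-disk section
    is present. W+X alone is a weak signal (this sample's .text has it too),
    so it never decides the verdict by itself."""
    for reasons in section_findings(sections).values():
        if any(r != "writable and executable" for r in reasons):
            return "likely packed"
    return "no packer indicators"


def stock_upx_layout(sections):
    """Stock UPX rewrites the whole table to UPX0, UPX1 and optionally UPX2
    or .rsrc. A UPX0 next to .text/.rdata/.data, as here, is not the layout
    'upx -d' expects, so plan on a manual or memory-dump unpack instead."""
    names = [s[0] for s in sections]
    return names[:2] == ["UPX0", "UPX1"] and set(names) <= {"UPX0", "UPX1", "UPX2", ".rsrc"}


def raw_total(sections):
    """Sum of on-disk section sizes; compare with the reported file size
    (160KB) to confirm nothing large sits outside the section table."""
    return sum(raw for _, raw, _, _ in sections)


if __name__ == "__main__":
    for name, reasons in section_findings(REPORT_SECTIONS).items():
        print(f"{name}: {'; '.join(reasons)}")
    print(packer_verdict(REPORT_SECTIONS), "| stock UPX layout:",
          stock_upx_layout(REPORT_SECTIONS), "| raw bytes:", raw_total(REPORT_SECTIONS))
```

On this table the on-disk sizes sum to 159.5KB against a reported file size of 160KB, so the headers account for the remainder and there is no overlay to look for. The useful caveat is the one `stock_upx_layout` encodes: the yara hit and the UPX0 name do not mean the standard UPX tool will unpack it, because a normal UPX build does not keep .text, .rdata and .data beside UPX0.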