087f890481e11c619e18d97452f48408_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

087f890481e11c619e18d97452f48408_JaffaCakes118
Size

870KB
MD5

087f890481e11c619e18d97452f48408
SHA1

2288143635150174b1b8e14708c88a4d6c0e9bed
SHA256

95e226f887c598cc4fae0eea29270cbf7d9b13b3bce38fe365e1426784cba980
SHA512

52e6bf6d192d06313f79ba37f16d1bfa0227e077132d113e1e3110620a2745f7f73d8a3bf0b1ada6c463656cacc06b4129db134d9467c50c5044bd937da7751e
SSDEEP

24576:aW3d6ZzpNGmNHePHNHtexUlrOAv9rPmz9ffnFny/xwMR:aW3d671evHe8rnVrPmz5f1yZ7R

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/CrazyListen1.0.4.0/CrazyListen1.0.4.0.exe	upx
static1/unpack001/CrazyListen1.0.4.0/sentence/down.exe	upx

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe
static1/unpack003/out.upx	autoit_exe

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/CrazyListen1.0.4.0/CrazyListen1.0.4.0.exe
unpack002/out.upx
unpack001/CrazyListen1.0.4.0/sapi.dll
unpack001/CrazyListen1.0.4.0/sentence/down.exe
unpack003/out.upx

Files

087f890481e11c619e18d97452f48408_JaffaCakes118
.rar
CrazyListen1.0.4.0/CrazyListen1.0.4.0.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 460KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrazyListen1.0.4.0/crazylisten.bmp
CrazyListen1.0.4.0/sapi.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8be1e71135249182f5f05114ab9256cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sapi.pdb

Imports

kernel32

lstrlenW
GetModuleFileNameA
GetModuleFileNameW
CreateEventA
CreateEventW
lstrlenA
WaitForSingleObject
CreateFileA
CreateFileW
GetFileInformationByHandle
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
LockFileEx
UnlockFileEx
DuplicateHandle
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
GetFileAttributesA
GetFileAttributesW
CreateMutexA
CreateMutexW
OpenEventA
InterlockedExchange
ReleaseSemaphore
CreateSemaphoreA
GetThreadPriority
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjects
PostQueuedCompletionStatus
SetThreadPriority
lstrcmpiA
IsDBCSLeadByte
lstrcpynA
HeapDestroy
lstrcpyA
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetShortPathNameA
MoveFileA
MoveFileW
CreateFileMappingA
CreateFileMappingW
CompareStringA
CompareStringW
UnmapViewOfFile
MapViewOfFile
GetFileSize
GlobalMemoryStatus
GetModuleHandleA
SystemTimeToFileTime
GetSystemTime
LoadLibraryA
GetFullPathNameW
GlobalUnlock
GlobalLock
Sleep
SetLastError
IsValidLocale
LoadLibraryExW
FindResourceExA
FindResourceExW
LockResource
OpenProcess
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
ExitThread
TlsGetValue
CreateThread
HeapReAlloc
ExitProcess
TlsFree
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
VirtualProtect
VirtualQuery
LCMapStringA
LCMapStringW
VirtualAlloc
RtlUnwind
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
GetVersionExA
LoadLibraryW
GetUserDefaultLangID
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetLastError
WideCharToMultiByte
GetTickCount
ResetEvent
SetEvent
CloseHandle
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
IsBadCodePtr
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetFullPathNameA
IsBadWritePtr

user32

GetDlgItem
wsprintfA
SendMessageA
LoadStringA
DefWindowProcA
EnableWindow
EndDialog
GetWindowLongA
SetFocus
DialogBoxParamA
SetCursor
SetWindowLongA
GetFocus
IsWindow
UnregisterClassA
DispatchMessageA
DestroyWindow
PostMessageA
RegisterClassA
CreateWindowExA
CharNextA
FindWindowA
SetTimer
KillTimer
SetWindowTextA
SendMessageTimeoutA
PeekMessageA
MsgWaitForMultipleObjects
LoadCursorA

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegDeleteKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteValueA
RegDeleteValueW
RegEnumValueA
RegEnumValueW
RegSetValueExA
RegSetValueExW
RegQueryInfoKeyA
GetUserNameA
GetUserNameW
RegOpenKeyExW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemRealloc
CLSIDFromProgID
GetHGlobalFromStream
StringFromGUID2
CoCreateGuid
CLSIDFromString
CreateStreamOnHGlobal
StringFromIID
IIDFromString
StringFromCLSID
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoDisconnectObject

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreateVector
VarUI4FromStr
SafeArrayRedim
RegisterTypeLi
SysStringLen
LoadRegTypeLi
VariantInit
SysAllocStringLen
VariantCopy
VarDecRound
SysFreeString
LoadTypeLi
VariantChangeType

winmm

waveInAddBuffer
waveInPrepareHeader
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
mixerGetID
mixerClose
mixerOpen
waveInGetNumDevs
waveOutGetNumDevs
waveOutGetDevCapsA
waveOutGetDevCapsW
waveInGetDevCapsA
waveInGetDevCapsW
waveInReset
waveInStop
waveInStart
waveInOpen
waveInClose
waveOutReset
waveOutPause
waveOutRestart
waveOutOpen
waveOutClose
waveOutGetPosition
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
mmioClose
mmioSeek
mmioRead
mmioWrite
mmioDescend
mmioAscend
mmioCreateChunk
mmioOpenA
mmioOpenW

shlwapi

ord437

urlmon

URLOpenBlockingStreamW

msacm32

acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamSize
acmStreamOpen
acmStreamClose
acmFormatSuggest

shfolder

SHGetFolderPathW

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunSapiServer

Sections

.text
Size: 488KB - Virtual size: 487KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrazyListen1.0.4.0/sentence/c/claim.txt
CrazyListen1.0.4.0/sentence/c/clap.txt
CrazyListen1.0.4.0/sentence/c/clarify.txt
CrazyListen1.0.4.0/sentence/c/clasp.txt
CrazyListen1.0.4.0/sentence/c/class.txt
CrazyListen1.0.4.0/sentence/c/classical.txt
CrazyListen1.0.4.0/sentence/down.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 464KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 263KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CrazyListen1.0.4.0/大学英语四级词汇.txt
CrazyListen1.0.4.0/新概念英语第三册.txt
CrazyListen1.0.4.0/研究生入学词组.txt

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 460KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 21KB - Virtual size: 24KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 24KB - Virtual size: 24KB

8be1e71135249182f5f05114ab9256cc

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

winmm

shlwapi

urlmon

msacm32

shfolder

version

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 487KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 196KB - Virtual size: 195KB

.reloc Size: 28KB - Virtual size: 27KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 464KB

UPX1 Size: 263KB - Virtual size: 264KB

.rsrc Size: 26KB - Virtual size: 28KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 512KB - Virtual size: 512KB

.rdata Size: 54KB - Virtual size: 54KB

.data Size: 26KB - Virtual size: 105KB

.rsrc Size: 29KB - Virtual size: 29KB

UPX0
Size: - Virtual size: 460KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 21KB - Virtual size: 24KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 24KB - Virtual size: 24KB

.text
Size: 488KB - Virtual size: 487KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 196KB - Virtual size: 195KB

.reloc
Size: 28KB - Virtual size: 27KB

UPX0
Size: - Virtual size: 464KB

UPX1
Size: 263KB - Virtual size: 264KB

.rsrc
Size: 26KB - Virtual size: 28KB

.text
Size: 512KB - Virtual size: 512KB

.rdata
Size: 54KB - Virtual size: 54KB

.data
Size: 26KB - Virtual size: 105KB

.rsrc
Size: 29KB - Virtual size: 29KB