08e349872a70fcb8b848ab3113721900_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08e349872a70fcb8b848ab3113721900_JaffaCakes118
Size

228KB
MD5

08e349872a70fcb8b848ab3113721900
SHA1

fe39a2de985f05a968fe15a3c0915b5be37768e6
SHA256

ea3e9534582282a866a57b1a78b9c59d9342f2c1a907c15d2e0c31e630cde6b7
SHA512

522e518197e18575a1ea7ae86b1618033db91cf852290ecb45146b116140df9126e18a366264a6597dbfbb2a2978c09515eb011869eb35bb74d40b5121e8d2ab
SSDEEP

6144:Z5psm7AdburM3MpPUKlRed4xkNLe5JnqABr6IzD+hQjDlrtCwX:Z3ouQ+P5lxZq8D+hQxX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08e349872a70fcb8b848ab3113721900_JaffaCakes118

Files

08e349872a70fcb8b848ab3113721900_JaffaCakes118
.exe windows:6 windows x86 arch:x86

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SearchFilterHost.pdb

Imports

advapi32

CopySid
GetLengthSid
IsValidSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetTokenInformation
AddAce
GetAce
GetAclInformation
AddAccessAllowedAce
InitializeAcl
EventRegister
EventUnregister
EventWrite
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
OpenThreadToken
LookupAccountNameW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RevertToSelf
GetSecurityDescriptorLength
ImpersonateLoggedOnUser
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RegQueryValueExW
RegDeleteKeyExW
LookupAccountSidW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorA

kernel32

GlobalUnlock
GlobalLock
MapViewOfFile
GlobalFree
GlobalAlloc
GetHandleInformation
SetErrorMode
GetCurrentProcessId
HeapSetInformation
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GetVersionExW
CreateFileW
CreateFileMappingW
FindResourceExW
WaitForSingleObject
ReleaseMutex
WaitForMultipleObjects
OutputDebugStringW
CopyFileA
DeleteFileA
FlushViewOfFile
GetLocalTime
CreateFileA
UnmapViewOfFile
FormatMessageW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeFormatW
LocalFree
SetPriorityClass
SetLastError
ExpandEnvironmentStringsW
OutputDebugStringA
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
lstrlenA
GetLastError
WideCharToMultiByte
InterlockedIncrement
InterlockedExchange
GetVersionExA
GetModuleFileNameW
SetEvent
GetProcessTimes
GetCurrentProcess
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
CloseHandle
GetModuleHandleW
GetProcAddress
GetCurrentThread
GetThreadTimes

msvcrt

_iob
fprintf
_wcsnicmp
_purecall
malloc
free
_itow_s
strncmp
wcsncmp
bsearch
_controlfp
_onexit
_lock
__dllonexit
_unlock
_errno
realloc
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
memcpy
_wtoi
memset
wcsncpy_s
_CxxThrowException
memcpy_s
__CxxFrameHandler3
_vsnwprintf
_ultow
_wcsicmp
_vsnprintf
strerror

user32

UnregisterClassA
LoadStringW
CharNextW

ole32

CoTaskMemAlloc
CoTaskMemFree
StringFromCLSID
CoTaskMemRealloc
CoUninitialize
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
CoGetMarshalSizeMax
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

oleaut32

VarUI4FromStr

tquery

?ciDelete@@YGXPAX@Z
?ciNewNoThrow@@YGPAXI@Z

imm32

ImmDisableIME

msshooks

LoadMSSearchHooks

mscoree

LockClrVersion

shlwapi

SHRegGetValueW

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1101b5ccf082394a67f3b350d2a2714e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

user32

ole32

oleaut32

tquery

imm32

msshooks

mscoree

shlwapi

Sections

.text Size: 75KB - Virtual size: 74KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 75KB - Virtual size: 74KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB

UPX0
Size: 144KB - Virtual size: 380KB