0394e701664595d681077baf2a0476d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0394e701664595d681077baf2a0476d2_JaffaCakes118
Size

81KB
MD5

0394e701664595d681077baf2a0476d2
SHA1

c4cf0d59d537c39d43ee4cc65468818d9cec2aea
SHA256

d6fe3be65c37d6363bf2d055a509f55571d2ebae3014e622f210398c75e04f3a
SHA512

795e490d1ac77d23ce181bde3b904b7f2c9d16097f068ccc5a55a46feef6f1219f01b9abc5b31c0ae597ea2929a5a11b9c9f9e946b3a2fa98925594b29537f39
SSDEEP

1536:LhEvJaKDHBKxsmRm/lM76FVeqYOZMiQxxODSfsSmmhZ88j2E236MVqlbiq1sk:lENHoxsim/ldeRPxMDSfsSXhnj2EDMVz

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
sample	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
0394e701664595d681077baf2a0476d2_JaffaCakes118
unpack001/out.upx

Files

0394e701664595d681077baf2a0476d2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

?CanHaveGPT@CDMNodeObj@@QAEHXZ
?Command@CContextMenu@@QAEJJPAUIDataObject@@J@Z
?CompareDiskNames@@YGHJJ@Z
?ContainsActivePartition@CDMNodeObj@@QAEHXZ
?ContainsBootIniPartition@CDMNodeObj@@QAEHXZ
?ContainsBootIniPartitionForWolfpack@CDMNodeObj@@QAEHXZ
?ContainsBootVolumesNumberChange@CDMNodeObj@@QAEH_JPAH@Z
?ContainsESPPartition@CDMNodeObj@@QAEHXZ
?ContainsLogicalDrvBootPartition@CDMNodeObj@@QAEHXZ
?ContainsPageFile@CDMNodeObj@@QAEHXZ
?ContainsRealSystemPartition@CDMNodeObj@@QAEHXZ
?ContainsSubDiskNeedResync@CDMNodeObj@@QAEHXZ
?ContainsSystemInformation@CDMNodeObj@@QAEHXZ
?ContainsSystemPartition@CDMNodeObj@@QAEHXZ
?ConvertBytesToMB@@YGK_J@Z
?ConvertMBToBytes@@YG_J_J@Z
?CookieSort@@YGXPAJJJP6GHJJ@Z@Z
?DoDelete@CContextMenu@@QAEXJ@Z
?EnhancedIsUpgradeable@CDMNodeObj@@QAEHPAVCTaskData@@@Z
?EnumDiskRegions@CDMNodeObj@@QAEXPAPAJAAJ@Z
?EnumDisks@CTaskData@@QAEXAAKPAPAJ@Z
?EnumFirstVolumeMember@CDMNodeObj@@QAEXAAJ0@Z
?EnumNTFSwithDriveLetter@CDataCache@@QAEXPAHPAPAG@Z
?EnumVolumeMembers@CDMNodeObj@@QAEXPAPAJAAJ@Z
?EnumVolumes@CTaskData@@QAEXAAKPAPAJ@Z
?FilterCookiesBigEnoughForFTRepair@CTaskData@@QAEXAAKPAJPAPAJJPAVCDMNodeObj@@@Z
?FilterCookiesBigEnoughForRAID5Repair@CTaskData@@QAEXAAKPAJPAPAJJPAVCDMNodeObj@@@Z
?FindDriveLetter@CTaskData@@QAEX_JAAG@Z
?FindFileSystem@CTaskData@@QAEH_JAAUfilesysteminfo@@@Z
?FindRegionPtrFromRegionId@CTaskData@@QAEH_JPAPAVCDMNodeObj@@@Z
?FreeArrayOfStrings@@YGXPAUarrayOfStrings@@@Z
?GetAssignedDriveLetter@CTaskData@@QAEHJAAG@Z
?GetBootPort@CTaskData@@QAEHXZ
?GetBottomViewStyle@CDMSnapin@@QAEHXZ
?GetColorRef@CDMNodeObj@@QAEKXZ
?GetDMDataObjPtrFromId@CTaskData@@QAEPAVCDMNodeObj@@_J@Z
?GetDeviceState@CDMNodeObj@@QAEKXZ
?GetDeviceType@CDMNodeObj@@QAEKXZ
?GetDiskCookies@CTaskData@@QAEXAAKPAPAJHKH@Z
?GetDiskCookiesForSig@CTaskData@@QAEXAAKPAPAJ@Z
?GetDiskCookiesForUpgrade@CTaskData@@QAEXAAKPAPAJ@Z
?GetDiskCookiesToEncap@CTaskData@@QAEXAAKPAPAJ@Z
?GetDiskInfo@CDMNodeObj@@QAEHAAUdiskinfoex@@@Z
?GetDiskInfoFromVolCookie@CTaskData@@QAEXJAAHAAKPAPAJKH@Z
?GetDiskScaling@CDMSnapin@@QAEHXZ
?GetDiskSpec@CDMNodeObj@@QAEHAAUdiskspec@@@Z
?GetDiskStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?GetDiskTypeName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetDriveLetter@CDMNodeObj@@QAEXAAG@Z
?GetDriveLetters@CTaskData@@QAEXAAFPAPAGG@Z
?GetExtendedRegionColor@CDMNodeObj@@QAEKXZ
?GetExtraRegionStatus@CDMNodeObj@@QAEHAAVCString@@H@Z
?GetFileSystemLabel@CDMNodeObj@@QAEXAAVCString@@@Z
?GetFileSystemName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetFileSystemSize@CDMNodeObj@@QAEXAAJ@Z
?GetFileSystemType@CDMNodeObj@@QAEHXZ
?GetFileSystemTypes@CTaskData@@QAEXAAKPAPAUifilesysteminfo@@@Z
?GetFilterToggle@CDMSnapin@@QAEHXZ
?GetFlags@CDMNodeObj@@QAEJXZ
?GetIVolumeClientVersion@CDMNodeObj@@QAEFXZ
?GetIVolumeClientVersion@CTaskData@@QAEFXZ
?GetIconId@CDMNodeObj@@QAEIH@Z
?GetImageNum@CDMNodeObj@@QAEHXZ
?GetLayoutType@CDMNodeObj@@QAE?AW4_LAYOUT_TYPES@@XZ
?GetLdmObjectId@CDMNodeObj@@QAE_JXZ
?GetListBehavior@CDMSnapin@@QAEHXZ
?GetLogicalDriveCount@CDMNodeObj@@QAEKXZ
?GetLongName@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetMaxAdjustedFreeSize@CDMNodeObj@@QAEXAA_J@Z
?GetMaxPartitionCount@CDMNodeObj@@QAEKXZ
?GetMinMaxPartitionSizes@CTaskData@@QAEXJAAK0@Z
?GetName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetNumMembers@CDMNodeObj@@QAEKXZ
?GetNumRegions@CDMNodeObj@@QAEKXZ
?GetObjectId@CDMNodeObj@@QAEXAA_J@Z
?GetOcxFrameCWndPtr@CTaskData@@QAEPAVCWnd@@XZ
?GetParentDiskPtr@CDMNodeObj@@QAEPAV1@XZ
?GetParentVolumePtr@CDMNodeObj@@QAEPAV1@XZ
?GetPartitionStyle@CDMNodeObj@@QAE?AW4_PARTITIONSTYLE@@XZ
?GetPartitionStyleString@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetPatternRef@CDMNodeObj@@QAEHXZ
?GetPort@CDMNodeObj@@QAEHXZ
?GetPrimaryPartitionCount@CDMNodeObj@@QAEKXZ
?GetRegionColorStructPtr@CTaskData@@QAEXPAPAU_REGION_COLORS@@AAH@Z
?GetRegionInfo@CDMNodeObj@@QAEHAAUregioninfoex@@@Z
?GetRegionScaling@CDMSnapin@@QAEHXZ
?GetResultStringArray@CDMNodeObj@@QAEHAAVCStringArray@@@Z
?GetServerName@CDataCache@@QAE?AVCString@@XZ
?GetServerName@CTaskData@@QAEXAAVCString@@@Z
?GetShortName@CDMNodeObj@@QAEXAAVCString@@@Z
?GetSize@CDMNodeObj@@QAEXAAJ@Z
?GetSize@CDMNodeObj@@QAEXAA_JH@Z
?GetSizeString@CDMNodeObj@@QAEXAAVCString@@@Z
?GetStatus@CDMNodeObj@@QAEHXZ
?GetStorageType@CDMNodeObj@@QAE?AW4_STORAGE_TYPES@@XZ
?GetStorageType@CDMNodeObj@@QAEXAAVCString@@H@Z
?GetTopViewStyle@CDMSnapin@@QAEHXZ
?GetUIState@CTaskData@@QAEKXZ
?GetUnallocSpace@CDMNodeObj@@QAE_JH@Z
?GetVolumeInfo@CDMNodeObj@@QAEHAAUvolumeinfo@@@Z
?GetVolumeStatus@CDMNodeObj@@QAEHAAVCString@@@Z
?GetWaitCursor@CDMSnapin@@QAEHXZ
?HasExtendedPartition@CDMNodeObj@@QAEHXZ
?HasNTFSwithDriveLetter@CDataCache@@QAEHXZ
?IsActive@CDMNodeObj@@QAEHXZ
?IsAlpha@CTaskData@@QAEHXZ
?IsCurrBootVolume@CDMNodeObj@@QAEHXZ
?IsCurrSystemVolume@CDMNodeObj@@QAEHXZ
?IsDiskEmpty@CDMNodeObj@@QAEHXZ
?IsEECoveredGPTDisk@CDMNodeObj@@QAEHXZ
?IsESPPartition@CDMNodeObj@@QAEHXZ
?IsFTVolume@CDMNodeObj@@QAEHXZ
?IsFakeVolume@CDMNodeObj@@QAEHXZ
?IsFirstFreeRegion@CDMNodeObj@@QAEHXZ
?IsHiddenRegion@CDMNodeObj@@QAEHXZ
?IsIA64Client@CTaskData@@QAEHXZ
?IsIA64Server@CTaskData@@QAEHXZ
?IsInFlux@CDMNodeObj@@QAEHXZ
?IsLocalMachine@CTaskData@@QAEHXZ
?IsMbrEEPartition@CDMNodeObj@@QAEHXZ
?IsMember@CDMNodeObj@@QAEHPAV1@@Z
?IsNEC_98Disk@CDMNodeObj@@QAEHXZ
?IsNEC_98Server@CTaskData@@QAEHXZ
?IsNTServer@CTaskData@@QAEHXZ
?IsOemPartition@CDMNodeObj@@QAEHXZ
?IsRevertable@CDMNodeObj@@QAEHXZ
?IsSecureSystemPartition@CTaskData@@QAEHXZ
?IsUnknownPartition@CDMNodeObj@@QAEHXZ
?IsUpgradeable@CDMNodeObj@@QAEHXZ
?IsWolfpack@CTaskData@@QAEHXZ
?PopUpInit@CContextMenu@@QAEXPAVCDMNodeObj@@AAHH@Z
?RecalculateSpace@CDMNodeObj@@QAEXXZ
?RefreshFileSys@CContextMenu@@QAEXJ@Z
?SetDescriptionBarText@CDMSnapin@@QAEXXZ
?SetFSId@CDMNodeObj@@QAEX_J@Z
?SetUIState@CTaskData@@QAEXK@Z
?ShowContextMenu@CContextMenu@@QAEJPAVCWnd@@JJJ@Z
?UpDateConsoleView@CDMSnapin@@QAEXXZ
?VolumeContainsActiveRegion@CDMNodeObj@@QAEHXZ
?namecmp@@YGHPBG0@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
GetPropertyPageData
IsRequestPending
LoadPropertyPageData

Sections

UPX0
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 140KB

UPX1 Size: 70KB - Virtual size: 72KB

.rsrc Size: 10KB - Virtual size: 12KB

Headers

File Characteristics

Sections

.text Size: 168KB - Virtual size: 167KB

.data Size: 15KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

UPX0
Size: - Virtual size: 140KB

UPX1
Size: 70KB - Virtual size: 72KB

.rsrc
Size: 10KB - Virtual size: 12KB

.text
Size: 168KB - Virtual size: 167KB

.data
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB