07207523e11836a34b4a31a6f49bd553_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

07207523e11836a34b4a31a6f49bd553_JaffaCakes118
Size

144KB
MD5

07207523e11836a34b4a31a6f49bd553
SHA1

980fd3605b9e7c75537d717eb6ab47d8d759c153
SHA256

9335d51eb0c945dcd789fdcaea42d33495990dc0ddbf17c6cc99d1619d0ecc26
SHA512

534130506ce4db50706fb0ca4ff96a13c8fd96732ec72207cf993c3266a3c08e26a44f1c225bc52debf091a245441cc969e2dffea611a610d34f375b769d1446
SSDEEP

1536:XYlH6Y9KvHbFjO0Ts8HS3CXdfDig0EWar5McTuPMs61BcUtSLMNonQSW:MHFKJOV8H8CXdfiEpycTyMxBBNonU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07207523e11836a34b4a31a6f49bd553_JaffaCakes118

Files

07207523e11836a34b4a31a6f49bd553_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

f7a03114108f0fe816102a76e1310999

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
GetFileAttributesA
FreeLibrary
MoveFileA
GetCurrentProcess
SetFileAttributesA
FindNextFileA
FindFirstFileA
FileTimeToSystemTime
ReadFile
SetFilePointer
GetFileSize
GetFileInformationByHandle
GetLocalTime
CreateFileMappingA
CreateFileA
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
DeleteFileA
ReleaseMutex
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetModuleFileNameA
DisableThreadLibraryCalls
GetTempPathA
GetModuleHandleA
FindResourceA
SizeofResource
GetLastError
lstrlenA
MultiByteToWideChar
CloseHandle
CreateMutexA
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
lstrcmpA
lstrcpynA
MapViewOfFile
lstrcpyA
Sleep
lstrlenW
WideCharToMultiByte
WaitForSingleObject
FindClose

advapi32

RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

atl

gdi32

CreateDIBSection
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetObjectA

gdiplus

GdipGetImageEncoders
GdiplusShutdown
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipFree
GdipDisposeImage
GdipAlloc
GdipCloneImage
GdipGetImageEncodersSize

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0PBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?at@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEABGI@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@std@@YAXXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

msvcrt

strchr
wcsncpy
strncpy
fwrite
sprintf
ftell
fseek
realloc
malloc
_beginthreadex
strrchr
atoi
strtok
wcscmp
swprintf
_ftol
pow
strtol
_mbsicmp
rand
srand
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_strlwr
_unlink
memcpy
fclose
fread
calloc
fopen
__CxxFrameHandler
_purecall
free
_itoa
strcmp
??2@YAPAXI@Z
strstr
memset
strlen
strcpy
memcmp
strcat
isalnum
wcslen
_mbsupr
_mbslwr
_vsnprintf
memmove
isspace
isalpha
isdigit

ole32

CoTaskMemAlloc

oleaut32

shlwapi

SHDeleteKeyA

user32

KillTimer
ExitWindowsEx
SetTimer
wsprintfA
IsCharAlphaNumericA
LoadStringW
LoadStringA
GetDesktopWindow
IsWindow
FindWindowExA
SendMessageA
ReleaseDC
GetClientRect
GetDC
GetKeyState
GetCursorPos

wininet

InternetConnectA
InternetOpenA
InternetReadFile
InternetOpenUrlA
FindCloseUrlCache
InternetGetCookieA
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7a03114108f0fe816102a76e1310999

Headers

File Characteristics

Imports

kernel32

advapi32

atl

gdi32

gdiplus

msvcp60

msvcrt

ole32

oleaut32

shlwapi

user32

wininet

Exports

Exports

Sections

UPX0 Size: 132KB - Virtual size: 132KB

.rsrc Size: 4KB - Virtual size: 4KB

.avp Size: 7KB - Virtual size: 8KB

UPX0
Size: 132KB - Virtual size: 132KB

.rsrc
Size: 4KB - Virtual size: 4KB

.avp
Size: 7KB - Virtual size: 8KB