0cd014ba4fa34dd86f1468c842390e49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0cd014ba4fa34dd86f1468c842390e49_JaffaCakes118
Size

537KB
MD5

0cd014ba4fa34dd86f1468c842390e49
SHA1

e6c431959132c76aa7479695d734b08147956784
SHA256

822e795e6f0d184c200d838a9e81bcb40be6722d0493617ced9c907ff5d8d45f
SHA512

af50432f5817658f539e01ff96385df7fa666de533be94d776e2e6d331ee7182862fbb271fb6393b0187fac43a792d029af5f9b089fda33e67615232c4989c88
SSDEEP

6144:/CmsycsZyhC36BKbA4d7oRYsHC4qxwjImi91K3ScG9+VHYWpTAzns8dw1bP1Vm:1lyhC36BkA4d4qxwJKOsKlAbBI7C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0cd014ba4fa34dd86f1468c842390e49_JaffaCakes118

Files

0cd014ba4fa34dd86f1468c842390e49_JaffaCakes118
.exe windows:5 windows x86 arch:x86

39d030d5578d4c069903ba6c5e5684f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mspaint.pdb

Imports

mfc42u

ord2933
ord2634
ord3087
ord4050
ord2755
ord6195
ord2810
ord1771
ord940
ord942
ord2286
ord2354
ord755
ord470
ord2281
ord2362
ord6153
ord5147
ord4225
ord2371
ord5784
ord5790
ord5783
ord4358
ord5244
ord3578
ord298
ord620
ord4753
ord3687
ord3867
ord2066
ord1257
ord1196
ord4470
ord5947
ord5977
ord3090
ord4768
ord4532
ord858
ord922
ord5579
ord4124
ord5679
ord5706
ord536
ord4199
ord5641
ord4315
ord816
ord562
ord4018
ord6115
ord6190
ord1941
ord4270
ord5286
ord818
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord3133
ord567
ord1230
ord3747
ord6124
ord6266
ord3490
ord3016
ord4357
ord5083
ord4444
ord4665
ord4679
ord1878
ord4246
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord5006
ord975
ord5472
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord747
ord736
ord4407
ord5728
ord5491
ord2096
ord4454
ord5652
ord5028
ord439
ord450
ord442
ord4237
ord4787
ord3345
ord5468
ord4146
ord5278
ord674
ord366
ord2084
ord4451
ord5048
ord5092
ord4614
ord4612
ord1886
ord4249
ord4010
ord4951
ord4855
ord4820
ord3182
ord4944
ord2429
ord2163
ord4511
ord4634
ord4910
ord4996
ord4485
ord5015
ord3101
ord4599
ord4994
ord4410
ord5497
ord4622
ord2986
ord3412
ord5019
ord3509
ord6340
ord5623
ord1003
ord3444
ord3782
ord3245
ord4691
ord3055
ord3061
ord6332
ord2502
ord5240
ord4417
ord2394
ord4381
ord3449
ord3193
ord6077
ord6171
ord3256
ord4617
ord4424
ord748
ord5650
ord5738
ord4610
ord5014
ord6193
ord4488
ord5734
ord4615
ord5573
ord2776
ord4651
ord1255
ord2721
ord6466
ord2719
ord2722
ord957
ord2007
ord962
ord750
ord603
ord1262
ord6386
ord1985
ord1961
ord273
ord2247
ord458
ord5200
ord4819
ord4854
ord4950
ord1740
ord456
ord4356
ord5082
ord4442
ord4675
ord1263
ord1229
ord3865
ord4493
ord3480
ord4904
ord4504
ord4589
ord5024
ord4989
ord5153
ord6191
ord4609
ord3614
ord4269
ord743
ord4480
ord2546
ord2504
ord5727
ord3917
ord4847
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord2717
ord6371
ord1197
ord4604
ord459
ord561
ord5496
ord2550
ord5712
ord5713
ord2028
ord986
ord6133
ord520
ord1202
ord6112
ord1149
ord925
ord927
ord4692
ord3442
ord3191
ord3998
ord5228
ord1173
ord1561
ord5264
ord6238
ord1897
ord1937
ord4268
ord4583
ord5070
ord4335
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord560
ord5256
ord4364
ord4893
ord4343
ord4426
ord4607
ord4608
ord813
ord1891
ord4884
ord4458
ord4502
ord4294
ord4141
ord2486
ord2618
ord2619
ord1651
ord4369
ord4846
ord3379
ord482
ord2527
ord2238
ord2529
ord3512
ord1807
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord5788
ord2518
ord469
ord3517
ord3516
ord4154
ord6399
ord6398
ord1887
ord4952
ord3402
ord4984
ord4921
ord4711
ord5102
ord4906
ord4640
ord4974
ord4516
ord4531
ord5069
ord4033
ord3276
ord3348
ord4620
ord749
ord5012
ord4682
ord2378
ord2379
ord457
ord2548
ord4647
ord4987
ord4851
ord2958
ord430
ord4931
ord4926
ord1821
ord656
ord5871
ord3397
ord3605
ord6376
ord3871
ord6375
ord2081
ord1930
ord1809
ord5878
ord4263
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord554
ord807
ord4230
ord5076
ord1705
ord6049
ord642
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord4143
ord2079
ord3312
ord5879
ord2112
ord327
ord1259
ord2455
ord1644
ord1795
ord5855
ord4491
ord1704
ord414
ord4128
ord4292
ord6137
ord1258
ord713
ord5808
ord3570
ord610
ord6135
ord287
ord3974
ord2767
ord996
ord3971
ord5438
ord3313
ord1567
ord6381
ord6006
ord765
ord3693
ord5677
ord2100
ord4704
ord5949
ord1775
ord6330
ord5777
ord2109
ord1569
ord4229
ord2914
ord324
ord3592
ord4419
ord2438
ord5257
ord5276
ord5996
ord268
ord289
ord3477
ord6063
ord613
ord825
ord4155
ord5047
ord1710
ord323
ord5785
ord2397
ord640
ord529
ord540
ord796
ord800
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142

msvcrt

wcschr
_ftol
_itow
_except_handler3
wcstok
_beginthreadex
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_controlfp
?terminate@@YAXXZ
__CxxFrameHandler
_wsplitpath
_wtoi
_ltow
_wtol
_CxxThrowException
wcscmp
free
_getdcwd
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
wcscat
_wcsdup
_wcsicmp
_purecall
rand

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExA

kernel32

QueryPerformanceCounter
GetExitCodeThread
TerminateThread
InterlockedDecrement
InterlockedIncrement
GlobalReAlloc
lstrcmpW
IsDBCSLeadByte
lstrcpyW
LoadLibraryW
GetACP
GetThreadLocale
GetModuleHandleA
GetTickCount
GetModuleHandleW
lstrcpynW
GetLastError
GetCommandLineW
lstrcmpiW
GetProcAddress
SetEndOfFile
FindFirstFileW
FindClose
GetCurrentThreadId
LocalAlloc
LocalFree
lstrlenA
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
GetFileAttributesW
CreateDirectoryW
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
GetNumberFormatW
MulDiv
GetLocaleInfoW
lstrcatW
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
lstrlenW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
LoadLibraryA
FreeLibrary
InterlockedExchange
RaiseException
GetStartupInfoW

gdi32

SetDIBitsToDevice
GetNearestColor
CreatePalette
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
RestoreDC
Rectangle
SetDIBColorTable
GetStockObject
FillRgn
GetDIBColorTable
GetCurrentObject
CreatePatternBrush
CreateSolidBrush
ResizePalette
GetNearestPaletteIndex
SetPaletteEntries
GetPaletteEntries
GetDeviceCaps
SetDIBits
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateBitmap
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
PatBlt
CreateDIBSection
SetTextAlign
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateICW
CreateRectRgnIndirect
GetObjectW
CreateDIBitmap
StretchBlt
OffsetRgn
Polygon
GetPixel
CreateHalftonePalette
GetDIBits
CreatePen
SetPixel
LineTo
MoveToEx
UnrealizeObject
SetBrushOrgEx
ExtFloodFill
RoundRect
CreatePolygonRgn
CreateFontIndirectW
CreateDCW
PtVisible
RectVisible
TextOutW
Escape
StretchDIBits
TranslateCharsetInfo
GetBkMode
GetTextColor
EnumFontFamiliesW
EnumFontFamiliesExW
PolyBezier
SetROP2
Polyline
SelectObject
Ellipse
SetStretchBltMode

user32

SetClassLongW
LoadIconW
DestroyCaret
CreateCaret
ShowCaret
SendDlgItemMessageW
GetDlgItemInt
CheckDlgButton
SetDlgItemInt
GetDlgItem
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageW
PeekMessageW
EnableScrollBar
DestroyWindow
GetKeyboardLayout
SetRectEmpty
InflateRect
LoadBitmapW
SendMessageW
GetWindowRect
UpdateWindow
InvalidateRect
EnableWindow
GetSysColor
wsprintfW
IsWindow
GetSystemMetrics
SetRect
FillRect
MessageBeep
GetParent
MessageBoxW
wvsprintfW
SetWindowTextW
ReleaseDC
DrawFocusRect
GetDC
PtInRect
OffsetRect
WinHelpW
GetClientRect
FrameRect
GetCapture
IsClipboardFormatAvailable
RegisterClipboardFormatW
CopyRect
CharNextW
IntersectRect
UnionRect
ScreenToClient
WindowFromPoint
GetCursorPos
GetKeyState
IsRectEmpty
EqualRect
SetTimer
KillTimer
ReleaseCapture
GetSubMenu
LoadMenuW
BringWindowToTop
ClientToScreen
SetActiveWindow
SetCapture
GetFocus
LoadCursorW
GetWindowLongW
SetCursor
GetDesktopWindow
RemoveMenu
PostMessageW
GetSystemMenu
HideCaret
GetClassInfoW
IsWindowVisible
SystemParametersInfoW
DestroyIcon
LoadStringW
EnableMenuItem
GetMenu
IsMenu
SetWindowLongW
TabbedTextOutW
DrawTextW
GrayStringW
GetWindowDC
CheckMenuItem
BeginPaint
EndPaint
GetUpdateRect
ValidateRect
RedrawWindow
GetWindow
GetCaretPos
SetCaretPos
ShowCursor

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

ole32

CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree
CoCreateInstance
CLSIDFromString
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium
CoInitialize

oleaut32

SysFreeString
SysAllocString

shell32

ShellAboutW
CommandLineToArgvW
SHChangeNotify

imm32

ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ImmNotifyIME

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 186KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39d030d5578d4c069903ba6c5e5684f6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

comdlg32

ole32

oleaut32

shell32

imm32

Sections

.text Size: 239KB - Virtual size: 239KB

.data Size: 6KB - Virtual size: 9KB

.rsrc Size: 186KB - Virtual size: 188KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 239KB - Virtual size: 239KB

.data
Size: 6KB - Virtual size: 9KB

.rsrc
Size: 186KB - Virtual size: 188KB

.UPX0
Size: 104KB - Virtual size: 252KB