0ea47f59f67bb5b7ca8e7fbc587c909a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ea47f59f67bb5b7ca8e7fbc587c909a_JaffaCakes118
Size

305KB
MD5

0ea47f59f67bb5b7ca8e7fbc587c909a
SHA1

8e0385952f83518d274131f4293283878e945134
SHA256

05e41eb2d2ee2d67aeb8985c319a3ed46ae63bde46d66c998c4c10795122dde6
SHA512

a9dcbf5d042f083b8c0e9fa86661ad5befce11d0434e014605c27d4df016f432c1b6e2979613fcff778e409625a8d4913f84cfef108712218815fe5aa8143acb
SSDEEP

6144:pmEQSFeCzZRYfoOjHL/F9B0KY5nbQNr8BBz2cDFVlfF9aUxzsH:vQSFeqpOTL/Ff0KY5n992cDFnDaUZsH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ea47f59f67bb5b7ca8e7fbc587c909a_JaffaCakes118

Files

0ea47f59f67bb5b7ca8e7fbc587c909a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c0ad271cbcaff968cd253f6d3fb9e6d7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wuauclt1.pdb

Imports

msvcrt

_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
?terminate@@YAXXZ
exit
_c_exit
memmove
_wcsicmp
wcslen
_CxxThrowException
malloc
free
_vsnwprintf
__CxxFrameHandler
??2@YAPAXI@Z
wcschr
_vsnprintf
_wtoi
_wsplitpath
wcstoul
_cexit
_exit
_XcptFilter
??3@YAXPAX@Z

kernel32

InterlockedIncrement
InterlockedDecrement
WaitForMultipleObjects
CreateThread
TryEnterCriticalSection
Sleep
CompareStringW
GetTimeFormatW
GetSystemDirectoryW
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GetStartupInfoA
CreateProcessW
GetProcAddress
GetSystemDefaultLangID
lstrlenW
GetLocalTime
SystemTimeToFileTime
ExitProcess
GetTickCount
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
OpenEventW
RegisterWaitForSingleObject
SetEvent
WaitForSingleObject
QueryPerformanceCounter
ReleaseMutex
CreateEventW
FormatMessageW
SetFilePointer
SetEndOfFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CompareStringA
WriteFile
CompareFileTime
GetCurrentThread
SetFileTime
GlobalFree
GlobalAlloc
InterlockedCompareExchange
HeapReAlloc
WideCharToMultiByte
GetDateFormatW
FileTimeToSystemTime
MoveFileW
GetFileTime
CopyFileW
lstrcpynW
LoadLibraryExW
GetVersionExW
GetModuleHandleW
InitializeCriticalSection
CreateFileW
GetFileSize
ReadFile
lstrlenA
MultiByteToWideChar
SetLastError
FindFirstFileW
FindNextFileW
RemoveDirectoryW
FindClose
DeleteFileW
CreateDirectoryW
SetFileAttributesW
GetSystemTime
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpiW
GetFileAttributesW
GetPrivateProfileStringW
VerSetConditionMask
VerifyVersionInfoW
GetCommandLineW
LoadLibraryA
CloseHandle
ProcessIdToSessionId
GetCurrentProcessId
GetLastError
DeleteCriticalSection
FreeLibrary
UnregisterWaitEx

gdi32

TextOutW
CreateSolidBrush
GetTextExtentPoint32W
BitBlt
SetBkColor
CreateCompatibleDC
SetStretchBltMode
StretchBlt
DeleteDC
SetBkMode
SetTextColor
SelectObject
DeleteObject
GetStockObject
CreateFontIndirectW
GetObjectW
GetCurrentObject

user32

PostMessageW
EndDialog
LoadCursorW
LoadAcceleratorsW
RegisterClassExW
CharLowerA
CharUpperA
SetWindowLongW
GetWindowTextLengthW
GetWindowTextW
GetPropW
LoadStringW
SetPropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
UpdateWindow
GetKeyState
DrawEdge
EqualRect
RemovePropW
OffsetRect
CopyRect
GetDesktopWindow
IsWindow
SetWindowTextW
SendMessageW
CreateDialogParamW
BeginPaint
EndPaint
SetWindowPos
GetSystemMenu
EnableMenuItem
TranslateAcceleratorW
CallNextHookEx
GetDlgCtrlID
GetSysColor
GetSysColorBrush
MessageBoxW
GetWindowRect
MapWindowPoints
ReleaseDC
GetDlgItem
EnableWindow
GetDC
DrawFocusRect
GetWindowLongW
DrawTextW
GetFocus
GetCapture
ReleaseCapture
GetParent
GetClientRect
FillRect
SetCapture
ScreenToClient
PtInRect
CallWindowProcW
CreateCursor
InvalidateRect
DestroyCursor
SetRectEmpty
DestroyMenu
CreatePopupMenu
AppendMenuW
CreateWindowExW
ShowWindow
SetTimer
PeekMessageW
MsgWaitForMultipleObjectsEx
TranslateMessage
DispatchMessageW
DestroyWindow
PostQuitMessage
SetWindowsHookExW
DefWindowProcW
GetCursorPos
SetForegroundWindow
TrackPopupMenu
SetActiveWindow
SetFocus
DialogBoxParamW
KillTimer
LoadImageW
GetSystemMetrics
CharNextW
SetCursor

shell32

Shell_NotifyIconW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SafeArrayDestroy
SysReAllocString
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayAccessData
SysAllocString
SafeArrayUnaccessData
VariantClear
SafeArrayGetUBound
VariantInit
SafeArrayGetElement

urlmon

CreateURLMoniker

comctl32

InitCommonControlsEx

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

advapi32

LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyExA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorDacl
SetNamedSecurityInfoW
OpenProcessToken
QueryServiceStatus
AdjustTokenPrivileges
RegOpenKeyW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey

shlwapi

StrChrW
StrRChrW
PathIsRootW
PathIsUNCW
PathStripToRootW
PathIsRelativeW
StrStrW
StrToIntW
PathFindFileNameW

advpack

ExtractFiles

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust

crypt32

CryptHashPublicKeyInfo
CertGetCertificateContextProperty

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0ad271cbcaff968cd253f6d3fb9e6d7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

gdi32

user32

shell32

ole32

oleaut32

urlmon

comctl32

wtsapi32

advapi32

shlwapi

advpack

wintrust

crypt32

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 77KB - Virtual size: 76KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 77KB - Virtual size: 76KB

UPX0
Size: 144KB - Virtual size: 380KB