17c3cd43d0a7b4515f5c39bcd3f3b5f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17c3cd43d0a7b4515f5c39bcd3f3b5f7_JaffaCakes118
Size

53KB
MD5

17c3cd43d0a7b4515f5c39bcd3f3b5f7
SHA1

ff35ae27ffe30aeb04fa34bf061de0cc0260194b
SHA256

5b4e6de9ff09b2d17381ce2386adc0b88d84a178f2d2445dd255f015420650b5
SHA512

4e30a2b58e947fb5be7ca1a894334784aa04990997247421db6a911857591b47388d22e90cbe160adde963b6bedf6de4bd1fb0b985ef0afcab0d7eebe386b10f
SSDEEP

768:wVsESM78jKIEKDYXofrOfWtmH3y7FJmw08T7rflwNTKdCODFg:wWEujP/r9mH3MmwprflM2dA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17c3cd43d0a7b4515f5c39bcd3f3b5f7_JaffaCakes118

Files

17c3cd43d0a7b4515f5c39bcd3f3b5f7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3e0f4496a4bb0557da01a817d552c158

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetModuleFileNameA
GetModuleHandleW
GetLocalTime
GetLastError
CreateEventA
ExitProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenProcess
UnmapViewOfFile
MapViewOfFile
GetFileSize
CreateFileMappingA
CreateFileA
CreateRemoteThread
GetModuleHandleA
CopyFileA
SetThreadPriority
ReadFile
GetSystemDirectoryW
lstrcmpiW
GetModuleFileNameW
WriteFile
IsBadWritePtr
LockResource
SizeofResource
LoadResource
FindResourceA
DeviceIoControl
CreateFileW
DuplicateHandle
LoadLibraryExA
GetVersionExA
SetEndOfFile
SetFilePointer
SetFileAttributesA
GetTempPathA
GetLongPathNameA
GetTickCount
OutputDebugStringA
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CloseHandle
LoadLibraryA
InitializeCriticalSection
GlobalFree
LoadLibraryW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
IsDebuggerPresent

advapi32

LookupPrivilegeValueA
CloseServiceHandle
RegSetValueExA
RegQueryValueExA
RegCloseKey
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
CreateServiceA
StartServiceA
RegOpenKeyExA
RegCreateKeyExA
SetServiceStatus
RegisterServiceCtrlHandlerW
AdjustTokenPrivileges

ntdll

NtQueryObject
RtlEqualUnicodeString
RtlInitUnicodeString
_strcmpi
NtQuerySystemInformation

user32

wsprintfW
wsprintfA

ws2_32

Exports

Exports

Service1
Service2
Service3
Service4
Service5

Sections

UPX0
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3e0f4496a4bb0557da01a817d552c158

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ntdll

user32

ws2_32

Exports

Exports

Sections

UPX0 Size: 48KB - Virtual size: 48KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 2KB - Virtual size: 4KB

UPX0
Size: 48KB - Virtual size: 48KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 2KB - Virtual size: 4KB