15b4c9f9cf42dea7a0b5453dcb3d4745_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15b4c9f9cf42dea7a0b5453dcb3d4745_JaffaCakes118
Size

176KB
MD5

15b4c9f9cf42dea7a0b5453dcb3d4745
SHA1

85264773bde51eabab1b3af29c6e20c286d810aa
SHA256

d24912a63acc550cd5612ab43d25c846345ec22ad4d91fb777f4020c50825074
SHA512

6845097696c1329eb094cf77e3e806e53df159248f59e922bd36e621fabea709b88a8955324745ca19ec8890dccefd9f43ce47e8c9691118babf87cbd2e45357
SSDEEP

3072:Ujcc+9O+YfCnNZkwWFUnS+tqAORy7I7KdhUlt:Ht9lYanhtEAyKdhUT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15b4c9f9cf42dea7a0b5453dcb3d4745_JaffaCakes118

Files

15b4c9f9cf42dea7a0b5453dcb3d4745_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mnmsrvc.pdb

Imports

msvcrt

_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
_c_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
exit
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit

advapi32

RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegDeleteValueA
RegFlushKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DeleteService
OpenSCManagerA
RegQueryValueExA
SetServiceStatus
CloseServiceHandle
ChangeServiceConfigA
QueryServiceStatus
ControlService
OpenServiceA
CreateServiceA

kernel32

lstrcatA
CloseHandle
GetProcAddress
GetModuleHandleA
OpenEventA
Sleep
GetLastError
FreeLibrary
CompareStringA
GetVersionExA
CreateProcessA
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
CreateEventA
GetTickCount
SetEvent
SetConsoleCtrlHandler
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
GetComputerNameA
lstrlenA
SetCurrentDirectoryA
AddAtomA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpynA
LoadLibraryExA
InterlockedIncrement
GetModuleFileNameA

user32

SetForegroundWindow
GetForegroundWindow
CreateWindowExA
EnableMenuItem
GetSubMenu
LoadMenuA
GetCursorPos
SetFocus
LoadIconA
RegisterClassA
SetTimer
SystemParametersInfoA
DefWindowProcA
GetDesktopWindow
TrackPopupMenuEx
RemoveMenu
DestroyMenu
DestroyWindow
DestroyIcon
KillTimer
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PostQuitMessage
PeekMessageA
LoadStringA
CharNextA
wsprintfA

ole32

CoInitialize
CoGetClassObject
CoUninitialize

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocStringLen

shell32

Shell_NotifyIconA

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

shell32

crypt32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 428B

.rsrc Size: 8KB - Virtual size: 5KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 428B

.rsrc
Size: 8KB - Virtual size: 5KB

UPX0
Size: 144KB - Virtual size: 380KB