15ee9cc1fe2fe775fd010569fc0ff3d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

15ee9cc1fe2fe775fd010569fc0ff3d7_JaffaCakes118
Size

2.6MB
MD5

15ee9cc1fe2fe775fd010569fc0ff3d7
SHA1

d9605a767d4e12c05c764649cf128b84075f1b5f
SHA256

0d9f1981378f17cee81f7e0da0b97460ef90a6442c80147892ef40adac7cb35b
SHA512

5a08041ba1f916aee39a15cd69c2beac8b9611d4032e72b457a942d13a8eaf9a5344c257a43816996a28fd7f16c7947881c9ebe4f9a66a0a8291bbf4155066e3
SSDEEP

49152:t6MHH85RLJ70p3qGwhJ5rHEVwbmRYAzrnN0/YdAl:3HH8Tp0p3qGgPzMwbmRYAzW3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15ee9cc1fe2fe775fd010569fc0ff3d7_JaffaCakes118

Files

15ee9cc1fe2fe775fd010569fc0ff3d7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c26e5f9f04b57e329db7d7021bbad476

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
FlushFileBuffers
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
GetEnvironmentVariableA
ReleaseMutex
GetVersionExA
GetPrivateProfileIntA
DeleteFileA
CreateDirectoryA
FindNextFileA
IsBadCodePtr
IsBadReadPtr
RtlUnwind
HeapSize
InterlockedExchange
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
WideCharToMultiByte
GlobalMemoryStatus
SetUnhandledExceptionFilter
GetComputerNameA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetTimeZoneInformation
GetSystemTime
ExitProcess
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersion
HeapAlloc
HeapFree
HeapReAlloc
GetLastError
GetFileAttributesA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetEndOfFile
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
RaiseException
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WaitForSingleObject
CreateMutexA
SetEnvironmentVariableA
VirtualFree
WriteFile
GetLocalTime
VirtualAlloc
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetFullPathNameA
SetFilePointer
ReadFile
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetStdHandle
CompareStringW
CompareStringA

user32

SetFocus
TranslateMessage
PostMessageA
GetDC
ShowCursor
EndDialog
SendDlgItemMessageA
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
GetDlgItemInt
ScreenToClient
MapWindowPoints
ReleaseDC
ClientToScreen
SetRect
SetDlgItemInt
CreateDialogParamA
GetMessageA
GetClientRect
MessageBeep
TrackPopupMenu
GetSubMenu
LoadMenuA
DialogBoxParamA
InvalidateRect
GetParent
MoveWindow
GetSystemMetrics
SetWindowPos
FindWindowA
SetForegroundWindow
DestroyWindow
UnregisterClassA
LoadImageA
LoadCursorA
RegisterClassExA
RegisterClassA
CreateWindowExA
AdjustWindowRectEx
GetWindowRect
SetWindowLongA
WaitMessage
EnableWindow
SendMessageA
PeekMessageA
DispatchMessageA
GetWindowLongA
UpdateWindow
GetSystemMenu
DeleteMenu
MessageBoxA
GetDoubleClickTime
DefWindowProcA
GetAsyncKeyState
ShowWindow

gdi32

GetObjectA
GetStockObject
GetPixel
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
GetDeviceCaps

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit

comctl32

ord17
InitCommonControlsEx

comdlg32

GetOpenFileNameA

winmm

timeGetTime

ddraw

DirectDrawCreateEx
DirectDrawEnumerateA

dsound

ord2
ord11

dinput

DirectInputCreateW

ws2_32

getsockopt
connect
inet_ntoa
gethostbyname
WSAStartup
inet_addr
htonl
closesocket
WSAIoctl
socket
htons
WSAGetLastError
bind
getsockname
__WSAFDIsSet
select
setsockopt
send
sendto
recv
ntohs
recvfrom
getpeername
ioctlsocket
ntohl

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c26e5f9f04b57e329db7d7021bbad476

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

comdlg32

winmm

ddraw

dsound

dinput

ws2_32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 196KB - Virtual size: 195KB

.data Size: 88KB - Virtual size: 3.5MB

.idata Size: 8KB - Virtual size: 5KB

.rsrc Size: 20KB - Virtual size: 16KB

Size: 192KB - Virtual size: 188KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 88KB - Virtual size: 3.5MB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 16KB

.UPX0
Size: 104KB - Virtual size: 252KB