168b8ace1e628919969cf8724e29459c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

168b8ace1e628919969cf8724e29459c_JaffaCakes118
Size

1.0MB
MD5

168b8ace1e628919969cf8724e29459c
SHA1

0e666ae0f04c7c5fa6f53aec7f12d78f1ab17d36
SHA256

194f05712c30c121f885a49574ba2b3f9ef7c4e1aad9c787ff19f5197410b843
SHA512

2663b39063b2b8be8798a10905f2c977b83e6f332819ebfa9c582589d7fec5e25257fdedd70e016aa2b8feb622130d3514da6ecdeb59b5cfd12d26333966dbf1
SSDEEP

12288:q7ksOMDLw51qviizQBODAgANJCkylkQ5ZS5XtW5Z75ZQ5Zwt2ZZB/E3oSPyq6:q7kcg5kRzAgANjcpmoj6GcZZljOn6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
168b8ace1e628919969cf8724e29459c_JaffaCakes118

Files

168b8ace1e628919969cf8724e29459c_JaffaCakes118
.exe windows:6 windows x86 arch:x86

8bd0c6e0c90f8f215006339fa67f557a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mblctr.pdb

Imports

advapi32

TraceMessage
TraceEvent
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemDirectoryW
CreateProcessW
CloseHandle
CreateThread
GetCommandLineW
InterlockedExchange
GetVersionExA
lstrcmpW
HeapSetInformation
CreateMutexW
ReleaseMutex
RegisterApplicationRestart
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SystemTimeToFileTime
CompareFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
VirtualFree
VirtualAlloc
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
OutputDebugStringA
RaiseException
GetLastError

gdi32

Polygon
SetWindowOrgEx
GetBkColor
SetBkColor
GetTextExtentPoint32W
CreateRectRgn
SelectClipRgn
GetLayout
SetLayout
SetViewportOrgEx
SetBrushOrgEx
BitBlt
GdiGradientFill
SetDCPenColor
MoveToEx
LineTo
CreateDIBSection
GdiAlphaBlend
SetTextColor
SetBkMode
GetStockObject
CreateDCW
DeleteDC
GetTextMetricsW
SelectObject
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
CreateSolidBrush
GetObjectW
OffsetWindowOrgEx

user32

GetActiveWindow
RegisterPowerSettingNotification
UnregisterPowerSettingNotification
SetWindowLongW
GetSysColorBrush
SystemParametersInfoW
GetSystemMetrics
GetSysColor
LoadCursorW
ChangeDisplaySettingsExW
EnumDisplaySettingsExW
LoadStringW
PostMessageW
GetDlgItem
RegisterDeviceNotificationW
GetClassLongW
SendMessageW
EndPaint
BeginPaint
PtInRect
SetRect
DrawEdge
UnregisterClassA
DestroyIcon
FrameRect
GetScrollInfo
ScrollWindow
SendDlgItemMessageW
GetNextDlgTabItem
InvalidateRect
UpdateWindow
GetWindowPlacement
GetWindowRect
MoveWindow
GetWindowLongW
GetParent
CreateWindowExW
GetClientRect
MapWindowPoints
OffsetRect
DestroyWindow
SetForegroundWindow
GetForegroundWindow
IsIconic
ShowWindow
CallWindowProcW
SetWindowTextW
GetWindowTextW
EnumChildWindows
SetDlgItemTextW
EnableWindow
GetDC
ReleaseDC
SetClassLongW
NotifyWinEvent
SetWindowsHookExW
GetKeyState
GetFocus
GetDlgCtrlID
GetClassInfoW
RegisterClassW
LoadIconW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
CreateDialogParamW
FindWindowW
LoadImageW
AllowSetForegroundWindow
GetIconInfo
CallNextHookEx
IsWindowEnabled
DrawTextW
GetWindowInfo
MonitorFromRect
GetMonitorInfoW
UnhookWindowsHookEx
FillRect
DrawFocusRect
CopyRect
InflateRect
DrawIconEx
DefWindowProcW
SetWindowPos
SetScrollInfo
PostQuitMessage
RegisterWindowMessageW
KillTimer
SetTimer
EnumDisplayDevicesW
EnumDisplaySettingsW
UnregisterDeviceNotification

msvcrt

exit
??3@YAXPAX@Z
??_V@YAXPAX@Z
memset
??_U@YAPAXI@Z
_vsnwprintf
??2@YAPAXI@Z
_ftol2_sse
ceil
memmove_s
_controlfp
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
_errno
realloc
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
_XcptFilter
_ismbblead
_exit
_cexit
__getmainargs
_ftol2
_purecall
__RTDynamicCast
memcpy
__CxxFrameHandler3
wcstok
wcstol
wcscspn
_wcsicmp
free

oleaut32

SysAllocString
SysFreeString
SafeArrayGetElement
VariantInit
VariantClear

powrprof

PowerReadDCValue
PowerSettingAccessCheck
GetPwrCapabilities
PowerDeterminePlatformRole
PowerReadFriendlyName
PowerGetActiveScheme
PowerSetActiveScheme

batmeter

CleanupBatteryData
QueryBatteryData
SetBatteryLevel
BatMeterOnDeviceChange
CreateBatteryData
SubscribeBatteryUpdateNotification
UnsubscribeBatteryUpdateNotification
UpdateBatteryDataAsync
GetBatteryStatusText

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ord100
ord155
ShellExecuteExW
SHGetKnownFolderIDList
DuplicateIcon
ShellExecuteW

shlwapi

wnsprintfW
PathFileExistsW
StrTrimW
PathRemoveBlanksW
PathGetArgsW
ord618
ord437
ord219

ole32

CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitialize
CLSIDFromString
CoInitializeSecurity
CreateStreamOnHGlobal

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateLineBrush
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipCreateFromHDC
GdiplusShutdown
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromStreamICM
GdipCreateSolidFill
GdipFillPath
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLine
GdipFillRectangle
GdipCloneImage

uxtheme

GetThemeColor
OpenThemeData
DrawThemeBackground
BufferedPaintUnInit
GetThemePartSize
GetThemeBackgroundContentRect
GetThemeTextExtent
DrawThemeText
DrawThemeTextEx
BeginBufferedPaint
BufferedPaintSetAlpha
EndBufferedPaint
BufferedPaintInit
CloseThemeData

wlanapi

WlanFreeMemory
WlanOpenHandle
WlanRegisterNotification
WlanSetInterface
WlanCloseHandle
WlanQueryInterface
WlanEnumInterfaces
WlanGetInterfaceCapability

wmi

WmiCloseBlock
WmiExecuteMethodW
WmiOpenBlock
WmiQuerySingleInstanceW
WmiNotificationRegistrationW
WmiQueryAllDataW

comctl32

ImageList_Create
ord345
ord344
ImageList_Destroy
ImageList_DrawIndirect
ImageList_ReplaceIcon

d3d9

Direct3DCreate9Ex

dwmapi

DwmIsCompositionEnabled
DwmExtendFrameIntoClientArea

wtsapi32

WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

Sections

.pexe
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 794KB - Virtual size: 793KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8bd0c6e0c90f8f215006339fa67f557a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

powrprof

batmeter

winmm

shell32

shlwapi

ole32

slc

rpcrt4

gdiplus

uxtheme

wlanapi

wmi

comctl32

d3d9

dwmapi

wtsapi32

Sections

.pexe Size: 8KB - Virtual size: 7KB

.text Size: 103KB - Virtual size: 103KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 794KB - Virtual size: 793KB

.reloc Size: 6KB - Virtual size: 6KB

UPX0 Size: 144KB - Virtual size: 380KB

.pexe
Size: 8KB - Virtual size: 7KB

.text
Size: 103KB - Virtual size: 103KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 794KB - Virtual size: 793KB

.reloc
Size: 6KB - Virtual size: 6KB

UPX0
Size: 144KB - Virtual size: 380KB