1790625bc4240503aad2ca12ec67ee4b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1790625bc4240503aad2ca12ec67ee4b_JaffaCakes118
Size

158KB
MD5

1790625bc4240503aad2ca12ec67ee4b
SHA1

2618ff69cb573f902909984fa4f4718321fb4408
SHA256

846b075ecc6272649f4523e52dbd68142d851f6ce1a68c35998dd403b078a9d4
SHA512

33df594d7bb56b19159c1574819c4370565389f9c53d3db04483bcbb7e54fd1c0c93f34bdcf823f05b0e858527aff9b4f2aa6cf43294f807c9a49f6ef27842ca
SSDEEP

3072:cXanTbmzZCRALzY2QQckyXXS7/fXIz8mSNAojE2ux:uanTbQCONQ/fXXSj/Q8mSNAojED

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1790625bc4240503aad2ca12ec67ee4b_JaffaCakes118

Files

1790625bc4240503aad2ca12ec67ee4b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

403a1c04295366d4044aabbdade79431

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
wcscpy
iswalpha
??3@YAXPAX@Z
??2@YAPAXI@Z
_exit
_c_exit
wcschr
wcscmp
_wcsicmp

advapi32

RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExW
RegSetValueExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW

kernel32

lstrcmpW
lstrcpynW
GetLastError
CreateMutexW
SetEvent
CreateEventW
OpenEventW
ReleaseMutex
CreateThread
WaitForMultipleObjects
lstrcmpiW
CloseHandle
GetCommandLineW
GetModuleHandleA
GetStartupInfoA
GetCurrentThreadId
Sleep
GetProcAddress
lstrlenW
LoadLibraryA

user32

SendMessageW
LoadImageW
GetSystemMetrics
MessageBoxW
LoadStringW
wsprintfW
SetProcessWindowStation
OpenWindowStationW
GetProcessWindowStation
OpenInputDesktop
SetWindowPos
GetWindowRect
GetDesktopWindow
EnableWindow
GetDlgItem
IsIconic
EndDialog
IsDlgButtonChecked
WinHelpW
GetThreadDesktop
IsWindowVisible
PostQuitMessage
ShowWindow
KillTimer
SetTimer
CheckDlgButton
DialogBoxParamW
SystemParametersInfoW
AppendMenuW
GetSystemMenu
CreateDialogParamW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
RegisterWindowMessageW
OpenDesktopW
GetUserObjectInformationW
CloseDesktop
SetThreadDesktop
MessageBeep
PostMessageW
CloseWindowStation

narrhook

?GetTrackCaret@@YGHXZ
?SetReviewLevel@@YGXH@Z
?SetAnnounceToolTips@@YGXH@Z
?SetAnnouncePopup@@YGXH@Z
?SetAnnounceMenu@@YGXH@Z
?SetAnnounceWindow@@YGXH@Z
?SetEchoChars@@YGXH@Z
?SetTrackInputFocus@@YGXH@Z
?SetTrackCaret@@YGXH@Z
?UninitKeys@@YGHXZ
?UnInitMSAA@@YGHXZ
?GetCurrentText@@YGXPAGH@Z
?BackToApplication@@YGXXZ
?InitKeys@@YGHPAUHWND__@@@Z
?InitMSAA@@YGHXZ
?GetEchoChars@@YGHXZ
?GetAnnounceWindow@@YGHXZ
?GetAnnounceMenu@@YGHXZ
?GetAnnouncePopup@@YGHXZ
?GetAnnounceToolTips@@YGHXZ
?GetReviewLevel@@YGHXZ
?GetTrackInputFocus@@YGHXZ

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize

shell32

ShellExecuteW
ord258

comctl32

ord17

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

403a1c04295366d4044aabbdade79431

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

narrhook

ole32

shell32

comctl32

Sections

.text Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 40KB

.rsrc Size: 31KB - Virtual size: 31KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 40KB

.rsrc
Size: 31KB - Virtual size: 31KB

.UPX0
Size: 108KB - Virtual size: 260KB