18a67414c0d4a28e0117eddc53b40c70_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18a67414c0d4a28e0117eddc53b40c70_JaffaCakes118
Size

1.2MB
MD5

18a67414c0d4a28e0117eddc53b40c70
SHA1

e452d9aa9587f6878d7327e9f44b083af1e122b1
SHA256

b86ba6656c89ab020642798584e41790d7708a2b642e34de27490d456de8d18b
SHA512

f8afaa4a119bdc06a7313168ad9e84e956972337d277100a6469cce6e7771fa61922e981df4e0139290bf7ee4080d5e1456439a4f8122391b346b8515fad8d2d
SSDEEP

24576:orD5BqJ8AfIQBAhoF45fGcaPtD2pOzvgaKPR1jkAr:QfqVfHBF+IdPtDYaKVr

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/annotation/labeledmesh/debug/Usp10.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/annotation/labeledmesh/debug/Usp10.dll	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Annotation/LabeledMesh/Debug/LabeledMesh.exe
unpack001/annotation/labeledmesh/debug/Usp10.dll
unpack002/out.upx

Files

18a67414c0d4a28e0117eddc53b40c70_JaffaCakes118
.rar
Annotation/LabeledMesh/Debug/LabeledMesh.exe
.exe windows:4 windows x86 arch:x86

510419ebebbdeb7047fd842445a1eb6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

vtkrendering

?New@vtkPolyDataMapper2D@@SAPAV1@XZ
?SetInput@vtkPolyDataMapper2D@@QAEXPAVvtkPolyData@@@Z
?New@vtkPolyDataMapper@@SAPAV1@XZ
?GlobalImmediateModeRenderingOn@vtkMapper@@SAXXZ
?New@vtkActor@@SAPAV1@XZ
?New@vtkRenderer@@SAPAV1@XZ
?New@vtkSelectVisiblePoints@@SAPAV1@XZ
?SetRenderer@vtkSelectVisiblePoints@@QAEXPAVvtkRenderer@@@Z
?New@vtkLabeledDataMapper@@SAPAV1@XZ
?SetLabelModeToLabelFieldData@vtkLabeledDataMapper@@QAEXXZ
?New@vtkRenderWindow@@SAPAV1@XZ
?New@vtkRenderWindowInteractor@@SAPAV1@XZ
?SetRenderWindow@vtkRenderWindowInteractor@@QAEXPAVvtkRenderWindow@@@Z
?AddActor@vtkRenderer@@QAEXPAVvtkProp@@@Z

vtkgraphics

?New@vtkSphereSource@@SAPAV1@XZ
?New@vtkIdFilter@@SAPAV1@XZ
?New@vtkCellCenters@@SAPAV1@XZ

vtkfiltering

?New@vtkCellArray@@SAPAV1@XZ
?InsertNextCell@vtkCellArray@@QAEHH@Z
?InsertCellPoint@vtkCellArray@@QAEXH@Z
?New@vtkPolyData@@SAPAV1@XZ
?SetLines@vtkPolyData@@QAEXPAVvtkCellArray@@@Z
?New@vtkActor2D@@SAPAV1@XZ
?GetOutputPort@vtkAlgorithm@@QAEPAVvtkAlgorithmOutput@@XZ
?AddActor2D@vtkViewport@@QAEXPAVvtkProp@@@Z

vtkcommon

??1vtkCommonInformationKeyManager@@QAE@XZ
??0vtkCommonInformationKeyManager@@QAE@XZ
??1vtkDebugLeaksManager@@QAE@XZ
??0vtkDebugLeaksManager@@QAE@XZ
?New@vtkPoints@@SAPAV1@XZ
?InsertPoint@vtkPoints@@QAEXHNNN@Z

kernel32

WriteFile
CloseHandle
FlushFileBuffers
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
HeapReAlloc
HeapAlloc
SetConsoleCtrlHandler
GetLastError
RtlUnwind
VirtualFree
HeapFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapValidate
GetCommandLineA
GetVersion
ExitProcess
GetProcAddress
GetModuleHandleA
DebugBreak
GetStdHandle
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Annotation/LabeledMesh/Debug/LabeledMesh.ilk
Annotation/LabeledMesh/Debug/LabeledMesh.obj
Annotation/LabeledMesh/Debug/LabeledMesh.pch
Annotation/LabeledMesh/Debug/LabeledMesh.pdb
Annotation/LabeledMesh/Debug/vc60.idb
Annotation/LabeledMesh/Debug/vc60.pdb
Annotation/LabeledMesh/LabeledMesh.cxx
Annotation/LabeledMesh/LabeledMesh.dsp
Annotation/LabeledMesh/LabeledMesh.dsw
Annotation/LabeledMesh/LabeledMesh.ncb
Annotation/LabeledMesh/LabeledMesh.opt
Annotation/LabeledMesh/LabeledMesh.plg
.html
annotation/labeledmesh/debug/Usp10.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AheadLib_LpkPresent
AheadLib_ScriptApplyDigitSubstitution
AheadLib_ScriptApplyLogicalWidth
AheadLib_ScriptBreak
AheadLib_ScriptCPtoX
AheadLib_ScriptCacheGetHeight
AheadLib_ScriptFreeCache
AheadLib_ScriptGetCMap
AheadLib_ScriptGetFontProperties
AheadLib_ScriptGetGlyphABCWidth
AheadLib_ScriptGetLogicalWidths
AheadLib_ScriptGetProperties
AheadLib_ScriptIsComplex
AheadLib_ScriptItemize
AheadLib_ScriptJustify
AheadLib_ScriptLayout
AheadLib_ScriptPlace
AheadLib_ScriptRecordDigitSubstitution
AheadLib_ScriptShape
AheadLib_ScriptStringAnalyse
AheadLib_ScriptStringCPtoX
AheadLib_ScriptStringFree
AheadLib_ScriptStringGetLogicalWidths
AheadLib_ScriptStringGetOrder
AheadLib_ScriptStringOut
AheadLib_ScriptStringValidate
AheadLib_ScriptStringXtoCP
AheadLib_ScriptString_pLogAttr
AheadLib_ScriptString_pSize
AheadLib_ScriptString_pcOutChars
AheadLib_ScriptTextOut
AheadLib_ScriptXtoCP
AheadLib_UspAllocCache
AheadLib_UspAllocTemp
AheadLib_UspFreeMem
DecodePointer
EncodePointer
LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkPresent
LpkTabbedTextOut
LpkUseGDIWidthCache
MemCode_LpkDllInitialize
MemCode_LpkDrawTextEx
MemCode_LpkEditControl
MemCode_LpkExtTextOut
MemCode_LpkGetCharacterPlacement
MemCode_LpkGetTextExtentExPoint
MemCode_LpkInitialize
MemCode_LpkPSMTextOut
MemCode_LpkTabbedTextOut
MemCode_LpkUseGDIWidthCache
MemCode_ftsWordBreak
ScriptApplyDigitSubstitution
ScriptApplyLogicalWidth
ScriptBreak
ScriptCPtoX
ScriptCacheGetHeight
ScriptFreeCache
ScriptGetCMap
ScriptGetFontProperties
ScriptGetGlyphABCWidth
ScriptGetLogicalWidths
ScriptGetProperties
ScriptIsComplex
ScriptItemize
ScriptJustify
ScriptLayout
ScriptPlace
ScriptRecordDigitSubstitution
ScriptShape
ScriptStringAnalyse
ScriptStringCPtoX
ScriptStringFree
ScriptStringGetLogicalWidths
ScriptStringGetOrder
ScriptStringOut
ScriptStringValidate
ScriptStringXtoCP
ScriptString_pLogAttr
ScriptString_pSize
ScriptString_pcOutChars
ScriptTextOut
ScriptXtoCP
UspAllocCache
UspAllocTemp
UspFreeMem
ftsWordBreak

Sections

UPX0
Size: - Virtual size: 156KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 79KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

510419ebebbdeb7047fd842445a1eb6a

Headers

File Characteristics

Imports

vtkrendering

vtkgraphics

vtkfiltering

vtkcommon

kernel32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 156KB

UPX1 Size: 79KB - Virtual size: 80KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 132KB - Virtual size: 132KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 33KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 10KB - Virtual size: 9KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 156KB

UPX1
Size: 79KB - Virtual size: 80KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 132KB - Virtual size: 132KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 33KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 10KB - Virtual size: 9KB