1bff0058885f8f82f9f7dc762f0a49d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1bff0058885f8f82f9f7dc762f0a49d2_JaffaCakes118
Size

253KB
MD5

1bff0058885f8f82f9f7dc762f0a49d2
SHA1

c16303e1e75f2758c993346a65d587fa8e3a71ba
SHA256

8ab611db7a6febda2afbf8e02bad9668196284a89a47ea57c86f9e83345d6e64
SHA512

ca90469fdb9c2a002f7bb6cabd4f8c70e87f06678db125517a1dc59c397421257750810e7911c5677f6e4cf827f0e9fa3583db9995c294bfd566fb7d77aed91f
SSDEEP

6144:IejBnq+rYi4r/wKKXDWB93hs35IjjVoYcSDZYb:PcigJPfSpoj2txb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Setup1.exe	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Setup1.exe
unpack001/output.exe
unpack001/pa.exe
unpack001/setup1__.exe

Files

1bff0058885f8f82f9f7dc762f0a49d2_JaffaCakes118
.zip
Sector_1_HardDisk0-infected.dat
Sector_1_HardDisk0_clean.dat
Setup1.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 172KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ccrypt
Size: 512B - Virtual size: 4KB
output.exe
.exe windows:4 windows x86 arch:x86

a4b42a7b09779e20098b89e9fcd1cc4b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Cryptor\Stub3\Release\STUB3.pdb

Imports

kernel32

CreateFileA
ReadFile
SetFilePointer
WriteFile
CloseHandle
GetFileSize
GlobalAlloc
GetModuleHandleA
SetThreadContext
VirtualAllocEx
VirtualProtectEx
GetThreadContext
CreateProcessA
GetSystemTime
GetModuleFileNameA
GetProcAddress
LoadLibraryA
InterlockedIncrement
ExitProcess
Sleep
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetEndOfFile
HeapSize
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
GetSystemInfo

user32

EnumWindows
LoadIconA
LoadCursorA
RegisterClassExA
DefWindowProcA
DestroyWindow
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExA
ShowWindow
UpdateWindow
GetWindowTextA

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
output.exe.txt
pa.exe
.exe windows:5 windows x86 arch:x86

ec9dd1d53725a85ecc31e010df3ff145

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
VirtualFree
HeapDestroy
HeapCreate
HeapAlloc
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
RtlUnwind
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess

user32

GetWindowDC
DrawIconEx
LoadBitmapA
LoadIconA
SetWindowTextA
DrawFrameControl
GetDC

gdi32

SetBitmapBits

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
setup1__.exe
.exe windows:6 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 5KB - Virtual size: 12KB

Size: 84KB - Virtual size: 4B

��
Size: - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 48KB

UPX1 Size: 11KB - Virtual size: 12KB

.rsrc Size: 172KB - Virtual size: 12KB

.ccrypt Size: 512B - Virtual size: 4KB

a4b42a7b09779e20098b89e9fcd1cc4b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 48KB - Virtual size: 47KB

ec9dd1d53725a85ecc31e010df3ff145

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: 6KB - Virtual size: 5KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 6KB - Virtual size: 48KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 478B

Headers

File Characteristics

Sections

 Size: 5KB - Virtual size: 12KB

Size: 84KB - Virtual size: 4B

���� Size: - Virtual size:

UPX0
Size: - Virtual size: 48KB

UPX1
Size: 11KB - Virtual size: 12KB

.rsrc
Size: 172KB - Virtual size: 12KB

.ccrypt
Size: 512B - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 48KB - Virtual size: 47KB

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 6KB - Virtual size: 48KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 478B

Size: 5KB - Virtual size: 12KB

��
Size: - Virtual size: