20cfd6bbda026ca7a3d26fb685ca16d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20cfd6bbda026ca7a3d26fb685ca16d1_JaffaCakes118
Size

389KB
MD5

20cfd6bbda026ca7a3d26fb685ca16d1
SHA1

283aff7a09c0d0a73e63860e7151d2e40886ad8b
SHA256

66ea5df2f13fd6fa37b29633033468389ca3d261bdf316c5c5fe195cc7f0053d
SHA512

69fe3805817e221a51a9dafe602dda637e01d128f20677d1ad057b23d5ac094e703ef8d8e81ba271888ed8319fbba56f3a92bdc0b04bab97a7edf39a3219c976
SSDEEP

12288:YgTXWwrTKYf0MPY/m413tY+dLRqSlFWG:LprOwRPcmC3tY+FRqSlFWG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20cfd6bbda026ca7a3d26fb685ca16d1_JaffaCakes118

Files

20cfd6bbda026ca7a3d26fb685ca16d1_JaffaCakes118
.exe windows:6 windows x86 arch:x86

1873af279ad74d8cc270596ae72107ad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

eudcedit.pdb

Imports

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

comctl32

InitCommonControlsEx

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellAboutW

gdi32

SelectObject
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
EnumFontFamiliesW
EnableEUDC
GetStockObject
CreatePen
CreateBitmap
SetBitmapBits
GetBitmapBits
CreateCompatibleBitmap
CreatePolygonRgn
GetRgnBox
GetFontData
FillRgn
Ellipse
Rectangle
PatBlt
BitBlt
StretchBlt
DeleteDC
GetTextExtentExPointW
TranslateCharsetInfo
ExtTextOutW
ExtTextOutA
GetTextExtentPoint32A
OffsetRgn
GetTextMetricsW
DeleteObject
SetBkColor
SetTextColor
GetTextExtentPointW
CreateCompatibleDC
GetLayout

imm32

ImmEscapeW
ImmIsIME
ImmSetCompositionStringW
ImmSetConversionStatus
ImmRegisterWordW
ImmGetConversionStatus
ImmGetCompositionStringW
ImmEnumRegisterWordW
ImmConfigureIMEW
ImmAssociateContext
ImmDestroyContext
ImmCreateContext

ole32

CoInitialize
CoCreateInstance

msctf

TF_CreateThreadMgr
TF_CreateInputProcessorProfiles

oleaut32

SysFreeString
SysAllocString

advapi32

RegDeleteKeyW
RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetCurrentProcessId
InterlockedExchange
Sleep
GlobalUnlock
lstrcmpW
GlobalFree
GlobalLock
GlobalAlloc
MultiByteToWideChar
lstrlenW
GetACP
WideCharToMultiByte
lstrcmpA
CloseHandle
CreateFileW
InterlockedCompareExchange
MoveFileExW
GetTempFileNameW
GetTempPathW
GetTickCount
GetSystemWindowsDirectoryW
lstrcmpiW
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
WriteFile
LocalUnlock
LocalFree
LocalLock
LocalAlloc
ReadFile
SetFilePointer
HeapSetInformation
DeleteFileW
GetSystemDefaultLCID
RegisterApplicationRestart
MoveFileW
ExpandEnvironmentStringsW
FormatMessageW
GetStartupInfoW
GetCurrentThreadId
GetModuleHandleA
CompareStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

IsZoomed
IsIconic
DrawMenuBar
DeleteMenu
IntersectRect
SetRectEmpty
GetDialogBaseUnits
PeekMessageW
TranslateMessage
DispatchMessageW
GetCapture
SetActiveWindow
GetActiveWindow
GetSystemMetrics
FindWindowW
SetForegroundWindow
ShowScrollBar
GetClipboardData
GetCursorPos
SetCursor
EmptyClipboard
SetClipboardData
EnumClipboardFormats
CloseClipboard
OpenClipboard
ReleaseCapture
SetCapture
ScreenToClient
LoadMenuW
InvertRect
RegisterClipboardFormatW
UnionRect
OffsetRect
EqualRect
CopyRect
ClientToScreen
LoadIconW
EnableScrollBar
UpdateWindow
GetClientRect
DrawIcon
FillRect
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetKeyboardLayout
DialogBoxParamW
GetDlgItem
EndDialog
GetWindowTextW
SetWindowTextW
DestroyCaret
PostMessageW
DefWindowProcW
HideCaret
BeginPaint
DrawEdge
GetSysColor
EndPaint
CreateCaret
SetCaretPos
ShowCaret
PtInRect
IsWindowEnabled
EnableWindow
GetWindowLongW
MessageBeep
SendMessageW
ActivateKeyboardLayout
InvalidateRect
SetFocus
GetParent
IsWindowVisible
IsWindow
SetDlgItemTextW
GetDlgItemTextW
SetRect
GetKeyboardLayoutList
SetWindowLongW
SetScrollInfo
CreateWindowExW
GetWindowRect
ReleaseDC
GetDC
MessageBoxW
LoadStringW
GetWindow

mfc42u

ord2910
ord5568
ord2070
ord6213
ord4142
ord2566
ord3567
ord609
ord2567
ord4390
ord3569
ord1172
ord1150
ord4451
ord4140
ord2619
ord2618
ord6399
ord6398
ord4495
ord5026
ord6819
ord2486
ord4071
ord3491
ord2112
ord5879
ord2084
ord402
ord554
ord4143
ord3133
ord4294
ord4407
ord4118
ord5996
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord5251
ord4422
ord807
ord4241
ord1851
ord3477
ord6063
ord6193
ord6065
ord4448
ord2072
ord3792
ord2109
ord529
ord2577
ord6150
ord2522
ord4359
ord4051
ord5467
ord4116
ord2381
ord5079
ord1702
ord1707
ord4398
ord5230
ord6365
ord5275
ord5254
ord2436
ord796
ord4260
ord1922
ord692
ord2637
ord6370
ord4229
ord1560
ord641
ord3658
ord825
ord1165
ord3621
ord2385
ord2406
ord268
ord3568
ord1634
ord2855
ord567
ord3634
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord1143
ord3087
ord2634
ord324
ord3592
ord4419
ord5276
ord4401
ord1767
ord6048
ord2506
ord4992
ord5261
ord5977
ord2854
ord800
ord4155
ord540
ord4219
ord5798
ord6237
ord6195
ord4704
ord4370
ord5949
ord3093
ord4847
ord823
ord1850
ord4240
ord674
ord3688
ord3614
ord3566
ord3701
ord1633
ord5781
ord4292
ord4128
ord5784
ord5783
ord6115
ord3649
ord2576
ord4215
ord2430
ord613
ord289
ord1637
ord5790
ord2859
ord2371
ord6928
ord5436
ord6379
ord2093
ord1230
ord2444
ord640
ord2397
ord323
ord2442
ord5785
ord6168
ord5871
ord4282
ord4452
ord401
ord4421
ord2437
ord5250
ord4430
ord1658
ord2641
ord5279
ord2374
ord5233
ord4072
ord4147
ord2873
ord2874
ord3398
ord5468
ord976
ord5006
ord3346
ord4298
ord4461
ord5098
ord5094
ord3054
ord2382
ord2715
ord5095
ord755
ord470
ord5446
ord6390
ord5025
ord3716
ord795
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord6211
ord4445
ord4269
ord815
ord561
ord3733
ord4616
ord5710
ord5285
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord535
ord858
ord3517
ord3516
ord4692
ord2717
ord6113
ord2613
ord1197
ord1821
ord4270
ord6125
ord656
ord3605
ord3737
ord818
ord6017
ord5764
ord6126
ord5869
ord6185
ord1569

msvcrt

exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_exit
_cexit
__wgetmainargs
qsort
wcsstr
_ftol2_sse
wcschr
wcstol
wcstok
_wtoi
_vsnwprintf
??_U@YAPAXI@Z
??_V@YAXPAX@Z
malloc
memset
free
__CxxFrameHandler3
wcsrchr
memcpy
_XcptFilter

Sections

.text
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1873af279ad74d8cc270596ae72107ad

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

shell32

gdi32

imm32

ole32

msctf

oleaut32

advapi32

kernel32

user32

mfc42u

msvcrt

Sections

.text Size: 169KB - Virtual size: 168KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 94KB - Virtual size: 93KB

.reloc Size: 14KB - Virtual size: 13KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 169KB - Virtual size: 168KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 94KB - Virtual size: 93KB

.reloc
Size: 14KB - Virtual size: 13KB

.UPX0
Size: 108KB - Virtual size: 260KB