2125c841851ceca0f397bb9a439f5403_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2125c841851ceca0f397bb9a439f5403_JaffaCakes118
Size

272KB
MD5

2125c841851ceca0f397bb9a439f5403
SHA1

4c7075609cc6bc6da0b069e90218f5e2e7ef1f57
SHA256

e1ba747fc6009c395f47c3122a4fbb0f723a64743a891f579e57fd061f3ef546
SHA512

64b77a8526996760bb32ef9f988d653cccbecd6d9fe30259b422247b104ebef5d5c8ea65464b4a1b2436c4a559788e7c026dd2322ae8faf4c728bca95f6c27ee
SSDEEP

6144:3/czo6nk3xXqVXOHD8CQcsnN0WLer+gdGBsPP:30zrnsqVeorieghjP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2125c841851ceca0f397bb9a439f5403_JaffaCakes118

Files

2125c841851ceca0f397bb9a439f5403_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d88d37e3eccf52f9f957b912c7636008

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Project\VE Platform\1.2.11\Source\Module\VzCdbSvc\Release\VzCdbSvc.pdb

Imports

kernel32

GetModuleHandleW
GetCommandLineW
ResetEvent
OpenFileMappingW
GetSystemTimeAsFileTime
LoadLibraryExW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetModuleHandleA
ExitProcess
GetVersionExA
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetCurrentThreadId
SetEvent
lstrcatW
lstrcpynW
CreateEventW
CreateThread
GetCurrentThread
GetCurrentProcess
GetModuleFileNameW
lstrcmpiW
GetLastError
lstrcpyW
lstrlenW
InterlockedDecrement
Sleep
WaitForSingleObject
CloseHandle
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
GetCurrentProcessId
InterlockedExchange

user32

CharNextW
TranslateMessage
DispatchMessageW
GetMessageW
LoadStringW
PostThreadMessageW
MessageBoxW

advapi32

AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorDacl
RegEnumKeyExW
ControlService
DeleteService
CreateServiceW
InitializeAcl
AddAccessAllowedAce
GetAclInformation
AddAce
GetAce
GetTokenInformation
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyW
SetServiceStatus
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

shell32

CommandLineToArgvW

ole32

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoCreateInstance
CoSuspendClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
StringFromGUID2
CoInitializeSecurity
CLSIDFromString
CoResumeClassObjects

oleaut32

SysFreeString
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarBstrCmp

shlwapi

PathFindExtensionW

msvcp71

?_Nomemory@std@@YAXXZ
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

msvcr71

_beginthreadex
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__security_error_handler
_callnewh
memset
_itow
_purecall
wcscpy
wcsstr
wcscat
realloc
wcsncpy
_CxxThrowException
_except_handler3
free
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
??3@YAXPAX@Z
??_V@YAXPAX@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcstok
_wcsdup
memmove
wcscmp
_ltow
_endthreadex
_wcsicmp
_endthread
_beginthread
malloc
fclose
wcsncmp
wcslen
_wtoi
fgetws
_wfopen

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d88d37e3eccf52f9f957b912c7636008

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

msvcp71

msvcr71

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 12KB - Virtual size: 8KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 12KB - Virtual size: 8KB

UPX0
Size: 144KB - Virtual size: 380KB