22728914ae2ededa98ed7df8245d7a59_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22728914ae2ededa98ed7df8245d7a59_JaffaCakes118
Size

259KB
MD5

22728914ae2ededa98ed7df8245d7a59
SHA1

4e8215680bd657c1ce33e661b6c37659ed433a96
SHA256

36e9372fbe3f3877e4cda91f2a11531d5217e9190ea33cce044310185fcbfb0b
SHA512

0e4fd62e5e616b93291324e5c8cac26a689ceec1417397530bc136e6cc313b401e22c7060cffe11b4665c6e3cb6c4ffeacc60768355b6f1ca3acbc8af64abbac
SSDEEP

3072:G3Nm/U1KsnltTkyuXJFBnUBWEIhF3ZVfbkfO6dF822mw47BNkft7gZLkrZw7oRRv:GdQ8XyJFGBLITTmOGai1ZOaw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22728914ae2ededa98ed7df8245d7a59_JaffaCakes118

Files

22728914ae2ededa98ed7df8245d7a59_JaffaCakes118
.exe windows:4 windows x86 arch:x86

39b8620f03cfc8e9baaa19c70c92d749

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
GetCurrentDirectoryA
RtlUnwind
HeapAlloc
HeapFree
CreateDirectoryA
ExitProcess
GetStartupInfoA
GetCommandLineA
RaiseException
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
SetErrorMode
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
VirtualProtect
VirtualQuery
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
InterlockedIncrement
GlobalFlags
FindNextFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedDecrement
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetModuleHandleA
GetCurrentThreadId
CloseHandle
GetLastError
SetLastError
MulDiv
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalUnlock
FreeResource
GetCurrentProcessId
GetSystemDirectoryA
WritePrivateProfileStringA
Beep
WinExec
CopyFileA
DeleteFileA
GetPrivateProfileStringA
WaitForSingleObject
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
GetComputerNameA
GetSystemInfo
lstrcatA
GlobalMemoryStatus
GetDriveTypeA
GetDiskFreeSpaceA
GetTempPathA
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalSize
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrcpyA
CreateThread
lstrlenA
lstrcmpiA
CompareStringW
CompareStringA
GetVersion
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
VirtualFree

advapi32

RegCloseKey
RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
GetUserNameA
RegQueryValueA

comctl32

comdlg32

GetFileTitleA

gdi32

ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetDeviceCaps
CreateCompatibleDC
CreatePalette
CreateCompatibleBitmap
GetObjectA
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateDCA
SelectObject
DeleteDC
DeleteObject
GetSystemPaletteEntries
GetStockObject
SelectPalette
GetDIBits
BitBlt
RealizePalette

oleacc

CreateStdAccessibleObject
LresultFromObject

oleaut32

rasapi32

RasEnumConnectionsA
RasGetConnectStatusA

shell32

ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
SetCursor
SetTimer
KillTimer
WaitMessage
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetFocus
SetFocus
GetWindowTextLengthA
GetLastActivePopup
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
PostMessageA
GetSysColor
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
SendMessageA
IsWindowVisible
GetWindow
EnableWindow
wsprintfA
CharUpperA
FindWindowA
GetWindowRect
GetDesktopWindow
ReleaseDC
GetDC
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
IsIconic
GetWindowPlacement
CopyRect
PtInRect
TranslateMessage
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetWindowLongA
GetDlgItem
IsWindowEnabled
GetTopWindow
CopyImage
MessageBoxA
GetSystemMetrics
LockWindowUpdate
ToAscii
GetKeyboardState
GetKeyNameTextA
GetWindowTextA
GetActiveWindow
CallNextHookEx
UnhookWindowsHookEx
DispatchMessageA
SetKeyboardState
GetMessageA
PeekMessageA
SetWindowsHookExA
CharToOemA
GetForegroundWindow
GetParent
GetNextDlgTabItem
EndDialog
ExitWindowsEx
SetCursorPos
IsWindow
SystemParametersInfoA
keybd_event
ClientToScreen

wininet

FtpGetFileA
InternetConnectA
FtpFindFirstFileA
FtpPutFileA
FtpGetCurrentDirectoryA
FtpSetCurrentDirectoryA
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
InternetFindNextFileA
InternetGetConnectedState

winmm

mciSendCommandA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

wsock32

htonl
select
accept
WSACleanup
WSAStartup
WSAAsyncSelect
inet_addr
gethostbyname
inet_ntoa
htons
connect
recv
send
closesocket
bind
WSAGetLastError
sendto
WSASetLastError
gethostname
recvfrom
socket

Sections

UPX0
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

39b8620f03cfc8e9baaa19c70c92d749

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

oleacc

oleaut32

rasapi32

shell32

shlwapi

user32

wininet

winmm

winspool.drv

wsock32

Sections

UPX0 Size: 244KB - Virtual size: 244KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 8KB - Virtual size: 8KB

UPX0
Size: 244KB - Virtual size: 244KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 8KB - Virtual size: 8KB