22ba66f01e30284c27c6b3effb3c9a99_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

22ba66f01e30284c27c6b3effb3c9a99_JaffaCakes118
Size

312KB
MD5

22ba66f01e30284c27c6b3effb3c9a99
SHA1

b5e7850ac17865c9884ab154d0812ccbcc64b877
SHA256

4f3a39afc172a70cb6ce529518c32530efd62d5c57ba5cf78b90173a4c1339c2
SHA512

7110723a88a243d99f05636f2e2c168ed8d402c459b28a44184aafe41d46225e45a1cfb85c93a18020319ed8864854bcbd317262e7e54dcf15c2c7ae4a231c25
SSDEEP

6144:MKDyHcXbfouFrbC2ncPBFk2cIAgln3RmFZWC:MK2Hqr1bnncPfk2y8noHWC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22ba66f01e30284c27c6b3effb3c9a99_JaffaCakes118

Files

22ba66f01e30284c27c6b3effb3c9a99_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d89f522b741e7e6c1e5bbfe28a651722

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
GetFileTime
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
SetFileAttributesA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetCPInfo
GetOEMCP
HeapReAlloc
HeapSize
GetACP
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
TerminateProcess
lstrcatA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetConsoleCtrlHandler
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
lstrcpynA
GetLastError
SetLastError
DeleteFileA
FindFirstFileA
GetFullPathNameA
SetEndOfFile
FindClose
MoveFileA
FlushFileBuffers
ReadFile
SetFilePointer
WriteFile
CreateFileA
GetCurrentProcess
LoadLibraryA
SetErrorMode
GetProcessVersion
FreeLibrary
GlobalGetAtomNameA
GetVersion
GetModuleHandleA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetProcAddress
GetCurrentDirectoryA
LCMapStringA
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
GetTickCount
GlobalLock
CloseHandle
GetModuleFileNameA
LCMapStringW
GlobalAlloc
UnhandledExceptionFilter
HeapCreate
CreateDirectoryA
GetTempFileNameA
SetCurrentDirectoryA
AreFileApisANSI
FindNextFileA
GetCommandLineW
SetStdHandle

user32

CopyRect
GetClientRect
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
SetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
RegisterWindowMessageA
WinHelpA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
LoadStringA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetTopWindow
GetCapture
GetWindowLongA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
TabbedTextOutA
GetClassInfoA
MessageBoxA
wsprintfA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
UnregisterClassA
CharUpperBuffA

gdi32

CreateBitmap
SaveDC
DeleteDC
SelectObject
GetStockObject
RestoreDC
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
RectVisible
TextOutA
PtVisible
Escape
ExtTextOutA
GetObjectA
DeleteObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

comctl32

ord17

wkwin32

ord35
ord50
ord47
ord34
ord65
ord37
ord36
ord45
ord20
ord38
ord40
ord39
ord41
ord42
ord46

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d89f522b741e7e6c1e5bbfe28a651722

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

wkwin32

Sections

.text Size: 108KB - Virtual size: 105KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 12KB - Virtual size: 10KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 108KB - Virtual size: 105KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 12KB - Virtual size: 10KB

UPX0
Size: 144KB - Virtual size: 380KB