2414b9996eee235b2abf59c1aad37692_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2414b9996eee235b2abf59c1aad37692_JaffaCakes118
Size

166KB
MD5

2414b9996eee235b2abf59c1aad37692
SHA1

f9dd2bcff7cdb508fa863c943639aaebff738970
SHA256

4145b7a1bb85dfc7c0c6ca809a1d046b27697417b10977504fb028246d7bf2c2
SHA512

5665b4ebe62c616dac0042ee32c70e8a268a7ea8e5982c77a0d712c6cfe3238fa2adc949d82487084ce2f6983b1c19e841ea812f0b465d52d2c6be24703027d9
SSDEEP

3072:WPapAVBf/22g/X5jgEq2jw370XB2nRnanAnmn4+uaLA9wPriEr9/TBfGOMWl:s3f2v5BqV370x2nRnanAnmn4PM/Ow9/N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2414b9996eee235b2abf59c1aad37692_JaffaCakes118

Files

2414b9996eee235b2abf59c1aad37692_JaffaCakes118
.dll windows:3 windows x86 arch:x86

020bd949e1e8f40273b4b6d365e48eef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
OpenEventA
ReadFile
ReleaseMutex
ResetEvent
SetEndOfFile
SetEvent
SetFilePointer
SetFileTime
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
MultiByteToWideChar
CreateThread
ExitThread
FreeLibrary
GetCurrentThreadId
GetTickCount
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
IsBadReadPtr
SetErrorMode
HeapReAlloc
LoadLibraryA
GetEnvironmentVariableA
GetLocalTime
GetLocaleInfoA
GetWindowsDirectoryA
FileTimeToSystemTime
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetFileTime
GetLogicalDrives
SetFileAttributesA
CreatePipe
DuplicateHandle
GetExitCodeProcess
PeekNamedPipe
ResumeThread
TerminateProcess
TerminateThread
GlobalFree
lstrlenA
lstrcmpiA
Sleep
GetFileSize
FormatMessageA
GetFileType
GetPrivateProfileSectionA
MoveFileA
VirtualAlloc
VirtualFree
WritePrivateProfileSectionA
HeapFree
HeapDestroy
HeapCreate
GetVolumeInformationA
GetVersion
GetTimeZoneInformation
GetTempPathA
GetSystemTime
GetSystemDirectoryA
GetProcAddress
CloseHandle
GetModuleHandleA
GetModuleFileNameA
GetLastError
GetFileAttributesA
GetCurrentProcessId
FindNextFileA
FindFirstFileA
FindClose
DeleteFileA
CreateProcessA
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
HeapSize

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
GetUserNameA

ole32

OleInitialize
OleUninitialize
CreateStreamOnHGlobal
GetHGlobalFromStream
CoInitialize
CoCreateInstance
StringFromGUID2
CoUninitialize

oleaut32

shell32

ShellExecuteA

user32

GetClassNameA
GetClipboardData
GetMessageTime
GetParent
IsClipboardFormatAvailable
MsgWaitForMultipleObjects
OpenClipboard
PeekMessageA
PostMessageA
PostQuitMessage
RegisterClassA
SendMessageTimeoutA
SetWindowsHookExA
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
ExitWindowsEx
CharToOemBuffA
GetActiveWindow
SetClipboardData
EmptyClipboard
ShowWindow
SetFocus
SetForegroundWindow
GetFocus
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowTextA
GetClientRect
SetWindowLongA
MoveWindow
SystemParametersInfoA
GetWindowLongA
LoadCursorA
EnumWindows
DispatchMessageA
DefWindowProcA
CreateWindowExA
CloseClipboard
CallNextHookEx
PostThreadMessageA
MessageBoxA
OemToCharBuffA
DestroyWindow

wsock32

shutdown
gethostname
WSAAsyncSelect
WSAGetLastError
bind
connect
ioctlsocket
listen
recv
send
getsockname
inet_addr
closesocket
socket
inet_ntoa
WSAAsyncGetHostByAddr
WSAAsyncGetHostByName
WSACancelAsyncRequest
WSACleanup
WSAStartup
accept

Exports

Exports

DebugBreakpoint
DllCanUnloadNow
DllGetClassObject
Service
SpawnAndStart
Start
Uninstall

Sections

UPX0
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

020bd949e1e8f40273b4b6d365e48eef

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

user32

wsock32

Exports

Exports

Sections

UPX0 Size: 160KB - Virtual size: 160KB

UPX2 Size: 1024B - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 4KB

UPX0
Size: 160KB - Virtual size: 160KB

UPX2
Size: 1024B - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 4KB