24c8731b902dbbff1ce9c4b5560112cc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

24c8731b902dbbff1ce9c4b5560112cc_JaffaCakes118
Size

1.1MB
MD5

24c8731b902dbbff1ce9c4b5560112cc
SHA1

5d7cf4dbc9d552623eba3c2bd1d702ec25fe7b81
SHA256

cb6734f1148884ba4d86de06a13daca48728794f60d659e9a7007003badad7f9
SHA512

9c919824fcc6f933e6442399c77a241f4155cbe59dac38c0bf51f8dd7682d6262666bff3b8c5a206f92f3d1ce8076c854aa3d78697774cad1bcebbb837fcaacc
SSDEEP

24576:eei7WspgdRaeAjQdXzk0jx0QvI8GKE38kqY:eD71yL1zk0ZwzKE38DY

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
24c8731b902dbbff1ce9c4b5560112cc_JaffaCakes118

Files

24c8731b902dbbff1ce9c4b5560112cc_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d6b8709741191858fd2753259bf84686

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WinCal.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
RegOpenKeyExW
RegEnumKeyExW
RegLoadMUIStringW
RegGetValueW

kernel32

GetModuleFileNameW
GetProcAddress
GetLocaleInfoW
ExpandEnvironmentStringsW
FindFirstChangeNotificationW
FindNextChangeNotification
RegisterWaitForSingleObject
UnregisterWait
CompareFileTime
GetShortPathNameW
DeleteFileW
GetEnvironmentVariableW
GetSystemTime
GetDateFormatW
InterlockedDecrement
OutputDebugStringW
GetTimeFormatW
GetProcessHeap
HeapFree
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleW
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
MulDiv
lstrlenW
FindCloseChangeNotification
HeapAlloc
GetTickCount
GetCalendarInfoW
CompareStringW
LocalFree
FreeLibrary
FormatMessageW
LocalAlloc
HeapSetInformation
RegisterApplicationRestart
GetCommandLineW
CreateMutexW
GetLastError
CloseHandle
Sleep
GlobalAddAtomW
SetLastError
CreateThread
CopyFileExW
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx
SetEvent
DeleteTimerQueueTimer
CreateEventW
GetFileAttributesW
FindNextFileW
WaitForSingleObject
ReleaseMutex
WriteFile
CreateFileMappingW
MapViewOfFile
GetFileSize
UnmapViewOfFile
MoveFileExW
CopyFileW
SetFileAttributesW
FindFirstFileW
FindClose
TzSpecificLocalTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetTempFileNameW
GetTempPathW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSizeEx
FindResourceW
SizeofResource
LoadResource
LockResource
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LoadLibraryW
GlobalFree

gdi32

SetDCPenColor
CreateCompatibleBitmap
ExtTextOutW
MoveToEx
LineTo
CreatePen
Rectangle
SetBkMode
ExcludeClipRect
DeleteObject
GetStockObject
CreateDIBSection
CreateSolidBrush
DeleteDC
StretchBlt
SelectObject
CreateCompatibleDC
GetDeviceCaps
CreateFontIndirectW
GetTextExtentPoint32W
BitBlt
GetObjectW
SetBkColor
TextOutW
GetTextMetricsW
SetTextColor
EndDoc
EndPage
StartPage
StartDocW
ResetDCW

user32

ShowWindow
DispatchMessageW
UpdateWindow
ScreenToClient
GetParent
PtInRect
MapWindowPoints
SetFocus
GetFocus
GetClientRect
CreateWindowExW
CharNextW
CharUpperBuffW
TranslateMessage
IsDialogMessageW
TranslateAcceleratorW
GetMessageW
SendMessageTimeoutW
SetForegroundWindow
GetLastActivePopup
PostMessageW
IsIconic
FindWindowW
EnableWindow
GetDlgItem
GetDlgItemTextW
SendMessageW
LoadStringW
SetDlgItemTextW
LoadIconW
EndDialog
GetSysColor
ReleaseDC
GetDC
SystemParametersInfoW
GetIconInfo
DestroyIcon
RegisterClassW
DialogBoxParamW
DefWindowProcW
DestroyWindow
BeginPaint
EnableMenuItem
IsClipboardFormatAvailable
MessageBoxW
ReplyMessage
InSendMessage
GetSystemMetrics
TrackPopupMenu
GetWindowRect
GetNextDlgTabItem
GetKeyState
PostQuitMessage
EnumChildWindows
SetWindowPos
SetCursor
LoadCursorW
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MessageBeep
IsChild
SetTimer
GetWindowPlacement
SetWindowPlacement
KillTimer
MoveWindow
CloseClipboard
EmptyClipboard
OpenClipboard
LoadAcceleratorsW
SetWindowTextW
SetMenuDefaultItem
CheckMenuItem
DestroyMenu
TrackPopupMenuEx
GetSubMenu
LoadMenuW
InsertMenuItemW
CreatePopupMenu
EqualRect
IntersectRect
IsWindow
SetCapture
GetScrollInfo
GetCursorPos
IsRectEmpty
GetClipboardOwner
ReleaseCapture
SendDlgItemMessageW
DrawFocusRect
FillRect
GetSysColorBrush
RemovePropW
SetWindowLongW
GetPropW
SetPropW
CheckDlgButton
IsDlgButtonChecked
GetClassNameW
SetScrollInfo
ShowScrollBar
SetScrollPos
GetWindowLongW
GetScrollPos
GetWindowTextW
GetWindowTextLengthW
NotifyWinEvent
GetCursor
SetRect
SetClipboardData
RedrawWindow
DrawFrameControl
CheckRadioButton
SetDlgItemInt
GetDlgItemInt
GetClipboardData
GetAncestor
InflateRect
SetMenuItemInfoW
RemoveMenu
DrawEdge
DrawTextW
CopyRect
LoadBitmapW
GetWindowDC
LoadImageW
IsWindowEnabled
ChildWindowFromPoint
SetRectEmpty
ScrollWindowEx
OffsetRect
InvalidateRect

msvcrt

wcschr
memchr
isdigit
isalpha
rand
floor
wcsrchr
_wtoi64
atol
_controlfp
_except_handler4_common
_onexit
wcscspn
_ultow
_strnicmp
_vsnprintf
atoi
atof
wcstoul
wcstol
wcspbrk
malloc
memset
free
??_V@YAXPAX@Z
memmove
__CxxFrameHandler3
_ftol2
??_U@YAPAXI@Z
memcpy
_purecall
_ftol2_sse
_vsnwprintf
wcsstr
_wcsicmp
ceil
_CIlog
_itow
_wtoi
wcsncmp
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_unlock
_lock
__dllonexit

atl

ord30
ord21
ord32
ord58
ord16

ntdll

WinSqmEventWrite
WinSqmEventEnabled
WinSqmAddToStream

ole32

OleInitialize
OleUninitialize
CoTaskMemRealloc
ReleaseStgMedium
CoCreateInstance
CoTaskMemFree
RegisterDragDrop
CoInitializeEx
CoUninitialize
CLSIDFromProgID
DoDragDrop

oleaut32

VariantTimeToSystemTime
SysStringLen
SysFreeString
VariantClear
SystemTimeToVariantTime
SysAllocString
GetErrorInfo
CreateErrorInfo
SetErrorInfo
SysAllocStringLen
LoadTypeLibEx

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

comctl32

ImageList_Add
ImageList_Create
ord411
ImageList_EndDrag
ord410
ord412
ImageList_DragMove
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_DragEnter
ord413
ord344
ImageList_GetIcon
ImageList_LoadImageW
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_Destroy
InitCommonControlsEx
ord345
PropertySheetW
CreatePropertySheetPageW
ImageList_Draw

gdiplus

GdipDrawLine
GdipAddPathRectangle
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigures
GdipCreateLineBrushFromRect
GdipTranslateMatrix
GdipSetMatrixElements
GdipSetImageAttributesColorKeys
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteRegion
GdipDeletePath
GdipCreatePath
GdipSetSolidFillColor
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipMeasureString
GdipEndContainer
GdipBeginContainer2
GdipGetDpiY
GdipGetDpiX
GdipGetWorldTransform
GdipCloneStringFormat
GdipSetWorldTransform
GdipCreateMatrix2
GdipDrawLineI
GdipDeleteMatrix
GdipGetFontHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipCloneImage
GdipCloneBrush
GdipCreateFontFromLogfontW
GdipCreateFontFromDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipSetPenMode
GdipCreateSolidFill
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetStringFormatFlags
GdipSetStringFormatDigitSubstitution
GdipGetStringFormatDigitSubstitution
GdipDrawString
GdipFillRectangleI
GdipFillPath
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipGetClip
GdipGetClipBounds
GdipCreateRegion
GdipFillRectangle
GdipSetClipRectI
GdipAlloc
GdipResetClip
GdipDrawRectangle
GdipDrawRectangleI
GdipCreateMatrix
GdipMultiplyWorldTransform

shlwapi

PathCreateFromUrlW
PathIsUNCServerShareW
PathAddBackslashW
ColorHLSToRGB
UrlIsW
PathCanonicalizeW
PathCombineW
PathRemoveBackslashW
PathFileExistsW
ColorRGBToHLS
PathMatchSpecW
PathAppendW
PathAddExtensionW
PathFindExtensionW
PathGetCharTypeW
PathRemoveExtensionW
PathStripPathW
PathIsURLW
UrlApplySchemeW
PathIsFileSpecW
PathFindFileNameW
PathRemoveFileSpecW
ord12
ord629
PathIsDirectoryW

uxtheme

DrawThemeBackground
OpenThemeData
GetThemePartSize
CloseThemeData
SetWindowTheme
IsThemeActive

shell32

ord155
DragQueryFileW
SHGetPathFromIDListW
ShellExecuteExW
ShellAboutW
ShellExecuteW
CommandLineToArgvW
SHBrowseForFolderW
SHGetFolderPathAndSubDirW
ord171
SHGetKnownFolderIDList
SHGetFolderPathW
ord47

comdlg32

GetSaveFileNameW
ChooseColorW
PrintDlgW
GetOpenFileNameW

winhttp

WinHttpSetCredentials
WinHttpOpen
WinHttpConnect
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpSetOption
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpCheckPlatform
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpGetIEProxyConfigForCurrentUser

winmm

PlaySoundW

secur32

GetUserNameExW

msimg32

GradientFill

rpcrt4

UuidToStringW
UuidFromStringW
UuidCreate
RpcStringFreeW

mpr

WNetGetNetworkInformationW
WNetUseConnectionW
WNetGetProviderNameW
WNetGetLastErrorW

credui

CredUIPromptForCredentialsW

netapi32

DavGetUNCFromHTTPPath
DavGetHTTPFromUNCPath

Sections

.text
Size: 438KB - Virtual size: 437KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d6b8709741191858fd2753259bf84686

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

atl

ntdll

ole32

oleaut32

oleacc

comctl32

gdiplus

shlwapi

uxtheme

shell32

comdlg32

winhttp

winmm

secur32

msimg32

rpcrt4

mpr

credui

netapi32

Sections

.text Size: 438KB - Virtual size: 437KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 477KB - Virtual size: 477KB

.reloc Size: 24KB - Virtual size: 23KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 438KB - Virtual size: 437KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 477KB - Virtual size: 477KB

.reloc
Size: 24KB - Virtual size: 23KB

UPX0
Size: 144KB - Virtual size: 380KB