28aa2d53c29cc220738594e69a511fbc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

28aa2d53c29cc220738594e69a511fbc_JaffaCakes118
Size

251KB
MD5

28aa2d53c29cc220738594e69a511fbc
SHA1

f913179982a151be7e89e61933879ebb473fbda3
SHA256

50be6097247705b0cc4077d59db0b17a1b8579184d9e06931dd936146eec1906
SHA512

b98ed9aed01194cb224a6acf60f94103a2e774e6fc8585531ba761f9e2ffe911c5ae0b0aed17207587b94b70e5cea72af02ee1e120a7d144eabfa43b546c6623
SSDEEP

6144:Cx9K/OGvpqB1RWFhlei465obq8V9yqImhx4Pt:XIBHH9VJIX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
28aa2d53c29cc220738594e69a511fbc_JaffaCakes118

Files

28aa2d53c29cc220738594e69a511fbc_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f6706276889a2fa4c66e41552fbb8a5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

WLXQuickTimeControlHost.pdb

Imports

advapi32

RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
UnregisterTraceGuids
TraceEvent
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExA
RegOpenKeyExA
RegisterTraceGuidsW

kernel32

lstrlenW
InterlockedDecrement
LoadLibraryExW
GetModuleHandleW
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
lstrcmpiW
GetProcessHeap
LocalFree
HeapAlloc
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
InterlockedIncrement
GlobalLock
GlobalUnlock
lstrcmpW
GetCurrentThreadId
HeapSetInformation
GetVersionExW
WaitForSingleObject
Sleep
CreateEventW
InitializeCriticalSection
SetEvent
CloseHandle
GetCommandLineW
FindResourceExW
SetLastError
LoadResource
GetProcAddress
GetModuleHandleA
LockResource
RaiseException
SizeofResource
GetFileAttributesW
MultiByteToWideChar
FindResourceW
FreeLibrary
GetVersion
MulDiv
DeleteCriticalSection
GetShortPathNameW
GetLastError
LeaveCriticalSection
GetSystemDirectoryA
CreateMutexA
ReleaseMutex
GetModuleFileNameA
GlobalFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapFree
InterlockedCompareExchange
EnterCriticalSection
GetACP
WideCharToMultiByte
CreateThread

gdi32

CreateCompatibleDC
GetObjectW
GetStockObject
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
SelectObject
CreateDIBSection
DeleteDC
CreateSolidBrush
DeleteObject

user32

wsprintfA
UnregisterClassA
CallWindowProcW
DefWindowProcW
CharNextW
ReleaseDC
GetClientRect
ReleaseCapture
MoveWindow
RegisterClassExW
SetCapture
IsChild
DestroyAcceleratorTable
FillRect
GetWindowLongW
SetWindowLongW
RedrawWindow
GetClassNameW
RegisterWindowMessageW
GetClassInfoExW
CreateAcceleratorTableW
GetWindow
LoadCursorW
CharUpperW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
GetDC
SetWindowPos
SetFocus
GetParent
GetFocus
GetDlgItem
ClientToScreen
ScreenToClient
BeginPaint
EndPaint
GetSysColor
CreateWindowExW
DestroyWindow
IsWindow
GetWindowTextLengthW
GetWindowTextW
GetDesktopWindow
SetWindowTextW
ShowWindow
InvalidateRgn
SendMessageW
InvalidateRect

msvcr80

_access
strncpy
_vscwprintf
vswprintf_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
memcpy_s
free
memmove_s
wcsncpy_s
malloc
_recalloc
_purecall
swprintf_s
wcscat_s
wcscpy_s
memset
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__CxxFrameHandler3

ole32

CoRevokeClassObject
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoGetClassObject
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
OleUninitialize
StringFromGUID2
OleInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoRegisterClassObject

oleaut32

VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathFileExistsW

wlxphotobase

?ThrowLastError@Base@@YGXXZ
?Throw@Base@@YGXJ@Z
?GetBaseStringManager@String@Base@@SGAAVCAtlStringMgr@ATL@@XZ
?BaseAtlThrow@ATL@@YGXJ@Z
?New@BasePrivate@@YAPAXI_N@Z
?Delete@BasePrivate@@YAXPAX@Z
??1Exception@Base@@UAE@XZ

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f6706276889a2fa4c66e41552fbb8a5d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcr80

ole32

oleaut32

shlwapi

wlxphotobase

version

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 14KB - Virtual size: 14KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 84KB - Virtual size: 83KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 14KB - Virtual size: 14KB

UPX0
Size: 144KB - Virtual size: 380KB