296af49b60b82a5eb9f1a6d2e80d0537_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

296af49b60b82a5eb9f1a6d2e80d0537_JaffaCakes118
Size

516KB
MD5

296af49b60b82a5eb9f1a6d2e80d0537
SHA1

131866021b057635338a1cb9e6e38c2c7b4aa0b3
SHA256

5cd34bad0b44ee19c6f8d1c620d562a256f7f528c9df6bdf19733c91a9fef3ea
SHA512

bf4c7e721b12f40b5a6b114b79390ac6221c9513639159e2e1871b9502760123d5efc2bee2641653c90fcce74869e177629300022a9055f12016b7c30e77d184
SSDEEP

12288:aobHejh2Fev2iHJfzKrqZRllGi4SNQawfH:/aF2Fev2iHREqZRT14UQX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
296af49b60b82a5eb9f1a6d2e80d0537_JaffaCakes118

Files

296af49b60b82a5eb9f1a6d2e80d0537_JaffaCakes118
.exe windows:4 windows x86 arch:x86

faa4a507e31e9c82c2b6fae4fe9e7928

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

setlang.pdb

Imports

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

msimg32

TransparentBlt

msvcrt

wcslen
wcscmp
_vsnwprintf
memmove
_wtoi
wcschr
_wcsicmp
wcsstr
_snwprintf
swscanf
__CxxFrameHandler
memcpy
_wcsdup
_endthreadex
_beginthreadex
memset
_CxxThrowException
malloc
_except_handler3
realloc
labs
free
_expand
_msize
wcstoul
wcstol
iswdigit
iswspace
_ultow
_ltow
wcscpy
wcsncpy
_c_exit
_exit
_XcptFilter
_controlfp
??1type_info@@UAE@XZ
ctime
mktime
gmtime
localtime
time
?terminate@@YAXXZ
_vsnprintf
_onexit
__dllonexit
__set_app_type
_cexit
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
__p__fmode

kernel32

FreeLibrary
GlobalAlloc
lstrcmpW
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCurrentThread
lstrlenW
GlobalAddAtomW
SetThreadPriority
ResumeThread
GlobalDeleteAtom
SuspendThread
CreateEventW
lstrcpynW
SetLastError
LoadLibraryA
GetModuleHandleA
GetFileAttributesW
VirtualProtect
OutputDebugStringA
GlobalFree
GlobalUnlock
LocalFree
FormatMessageW
GetVersionExA
lstrcatW
lstrlenA
GlobalFindAtomW
InterlockedDecrement
RaiseException
InitializeCriticalSection
DeleteCriticalSection
WritePrivateProfileStringW
lstrcmpiW
InterlockedIncrement
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileW
GetVolumeInformationW
GetFullPathNameW
CreateFileW
FindResourceExW
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
VirtualQuery
LoadLibraryExW
GetSystemDirectoryW
FormatMessageA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
lstrcpyW
LoadLibraryW
OpenProcess
WaitForSingleObject
CloseHandle
CreateProcessW
GetUserDefaultUILanguage
IsValidLocale
GetLocaleInfoW
FreeResource
SizeofResource
MulDiv
FindResourceW
LoadResource
LockResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CreateMutexW
GetLastError
ReleaseMutex
SetEvent

user32

SetCapture
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
LoadCursorW
GetSysColorBrush
wsprintfW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetClassLongW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetClassInfoW
ReleaseCapture
MessageBoxW
CreateWindowExW
GetClassInfoExW
UnregisterClassW
RegisterClassW
GetMenu
AdjustWindowRectEx
ScreenToClient
EqualRect
GetScrollInfo
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
GetSubMenu
DestroyWindow
IsWindow
CreateDialogIndirectParamW
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
ShowWindow
GetAsyncKeyState
SetFocus
GetDlgItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
MessageBoxA
PostThreadMessageW
SetWindowsHookExW
CallNextHookEx
GetMessageW
RegisterClipboardFormatW
DestroyMenu
GetNextDlgGroupItem
TranslateMessage
DispatchMessageW
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetCursor
PostQuitMessage
GetDesktopWindow
GetWindowThreadProcessId
GetClassNameW
SendMessageTimeoutW
SetForegroundWindow
PostMessageW
OffsetRect
SystemParametersInfoW
GetClientRect
GetFocus
InvalidateRect
GetWindowRect
GetSysColor
LoadBitmapW
GetWindowLongW
SetWindowLongW
GetSystemMetrics
MessageBeep
LoadIconW
DrawFocusRect
FillRect
PeekMessageW
IsWindowEnabled
GetCapture
GetActiveWindow
EnableWindow
GetParent
GetWindow
SetActiveWindow
LockWindowUpdate
UpdateWindow
ReleaseDC
GetDC
SendMessageW
GetNextDlgTabItem

gdi32

SetBkMode
SetMapMode
SetTextAlign
GetViewportExtEx
GetWindowExtEx
PtVisible
RestoreDC
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetTextExtentPoint32W
DeleteObject
GetTextAlign
GetTextColor
GetBkColor
CreateSolidBrush
GetDeviceCaps
GetObjectW
RectVisible
GetMapMode
GetRgnBox
CreateRectRgnIndirect
EnumFontFamiliesExW
CreateFontIndirectW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueW
RegCreateKeyExW
RegSetValueExW

comctl32

ord17
PropertySheetW

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleUninitialize

oleaut32

SysAllocStringLen
SysFreeString
VariantClear
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantCopy

oleacc

LresultFromObject
CreateStdAccessibleObject

Exports

Exports

_ctime64
_gmtime64
_localtime64
_mktime64
_resetstkoflw
_scprintf
_scwprintf
_time64
_vscprintf
_vscwprintf

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 108KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

faa4a507e31e9c82c2b6fae4fe9e7928

Headers

File Characteristics

PDB Paths

Imports

psapi

msimg32

msvcrt

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

oleacc

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.data Size: 108KB - Virtual size: 116KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 26KB - Virtual size: 26KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 236KB - Virtual size: 235KB

.data
Size: 108KB - Virtual size: 116KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 26KB - Virtual size: 26KB

UPX0
Size: 144KB - Virtual size: 380KB