29546d0ae43486678f7125abe55b1510_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29546d0ae43486678f7125abe55b1510_JaffaCakes118
Size

89KB
MD5

29546d0ae43486678f7125abe55b1510
SHA1

fa0cd58ea5db11628435e67d8b49e6ca136244e0
SHA256

b3a2f48d7ce82ec4addadb1b0abfb15d965c559388681be7bdd0b322003f2a15
SHA512

e06aea4f55142a53132eacd416a06dbab50f88c5053b5739e643fc28d2736f2069db5c397144cd43dc3adaeac7ba1ff543a74e6a24a7c7f6c0ddcce898445cd9
SSDEEP

1536:8OlQomzjvq2hfSNxTNLzuMd0BDFnToIfaJ7iaK:8ECCPNL5d0BDtTBfw7ia

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29546d0ae43486678f7125abe55b1510_JaffaCakes118

Files

29546d0ae43486678f7125abe55b1510_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6258d4135fa90aab3334d68ce7d6e623

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
lstrcmpiA
WriteProcessMemory
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualAllocEx
UnmapViewOfFile
Sleep
SetThreadPriority
SetThreadIdealProcessor
SetFileAttributesA
ReadFile
Process32Next
Process32First
OpenProcess
OpenFileMappingA
MapViewOfFile
LocalFree
LocalAlloc
LoadLibraryExA
IsBadReadPtr
GetVersionExA
GetTickCount
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetModuleFileNameA
GetFileSize
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetComputerNameA
FreeLibrary
ExitThread
DeleteFileA
CreateToolhelp32Snapshot
CreateThread
CreateRemoteThread
CreateFileMappingA
CreateFileA
CloseHandle

advapi32

CloseServiceHandle
ControlService
CreateServiceA
InitializeSecurityDescriptor
LookupPrivilegeValueA
OpenProcessToken
OpenSCManagerA
OpenServiceA
RegCloseKey
RegCreateKeyA
StartServiceA
SetSecurityDescriptorDacl
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
AdjustTokenPrivileges

gdi32

RealizePalette
DeleteObject
DeleteDC
CreateSolidBrush
CreatePalette
CreateFontIndirectA
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
BitBlt
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetTextColor
GetDIBits
GetObjectA

msvcrt

malloc
free

urlmon

URLDownloadToFileA

user32

DefWindowProcA
DestroyWindow
DispatchMessageA
DrawTextA
EndPaint
FindWindowExA
GetDC
GetMessageA
GetSystemMetrics
GetWindowTextA
GetWindowThreadProcessId
InvalidateRect
IsWindow
KillTimer
LoadCursorA
OffsetRect
OpenDesktopA
OpenWindowStationA
PostMessageA
PtInRect
RegisterClassExA
ReleaseDC
SendInput
SendMessageA
SetProcessWindowStation
SetRect
SetThreadDesktop
SetTimer
SetWindowLongA
ShowWindow
UnregisterClassA
UpdateWindow
ValidateRect
CreateWindowExA
CopyRect
CloseWindowStation
CloseDesktop
CallWindowProcA
BlockInput
BeginPaint
AttachThreadInput
wsprintfA

wininet

HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
InternetReadFile
HttpAddRequestHeadersA

ws2_32

connect
WSAStartup
gethostbyname
htons
inet_addr
recv
select
send
setsockopt
socket
closesocket

Sections

UPX0
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6258d4135fa90aab3334d68ce7d6e623

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

msvcrt

urlmon

user32

wininet

ws2_32

Sections

UPX0 Size: 84KB - Virtual size: 84KB

UPX2 Size: 1024B - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 84KB - Virtual size: 84KB

UPX2
Size: 1024B - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB