Behavioral task: behavioral1
Sample: 2af52025a7079a7885ee6a92a4a7f822_JaffaCakes118.exe
Resource: win7-20240508-en
General
Target: 2af52025a7079a7885ee6a92a4a7f822_JaffaCakes118
Size: 3.1MB
MD5: 2af52025a7079a7885ee6a92a4a7f822
SHA1: 4a204acd0ed646db6088af0c7988e972aa5b2eb5
SHA256: 10d40c83b83fb26da18316e215cea44ef50d3ac911ff8876db5554e634e0e115
SHA512: 2a9d922cd2f66067b7532c4a8c5fdb2edff4eea78ff6dad94cdf6fd63b7d510b8672e7c4dc7f1820867a3b061a0cc43bd3a3078993ad26095b25c118ba53b382
SSDEEP: 49152:i2LTuDenEXWxW0dqVS7ikHwZ3+3Dub+n:/L6enaoW0d4QfU+
Malware Config
Signatures
resource: sample - yara_rule: upx
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2af52025a7079a7885ee6a92a4a7f822_JaffaCakes118
Files
2af52025a7079a7885ee6a92a4a7f822_JaffaCakes118.exe windows:4 windows x86 arch:x86
5cc110a7352a3386de60608d90a44c77
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Locate_DevNodeW
CM_Get_Sibling
CM_Get_DevNode_Registry_PropertyW
CM_Get_Child
winmm
mciSendCommandW
hid
HidD_FreePreparsedData
HidP_GetCaps
HidD_GetPreparsedData
HidD_SetNumInputBuffers
HidD_GetNumInputBuffers
HidD_GetHidGuid
HidD_GetManufacturerString
HidD_GetSerialNumberString
HidD_GetProductString
HidD_GetAttributes
HidP_GetSpecificValueCaps
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
kernel32
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetFullPathNameW
GetShortPathNameW
GlobalGetAtomNameW
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesW
GetFileTime
LocalUnlock
LocalLock
GetTempFileNameW
GetStartupInfoW
RtlUnwind
ExitProcess
TerminateProcess
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
IsBadReadPtr
GetModuleFileNameA
HeapFree
GetConsoleCP
TlsAlloc
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetCPInfo
ExitThread
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
SetUnhandledExceptionFilter
IsBadWritePtr
DebugBreak
GetTimeZoneInformation
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
PeekConsoleInputA
GetNumberOfConsoleInputEvents
CreateFileA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetOEMCP
IsBadCodePtr
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleA
SetStdHandle
GetDriveTypeA
GetCurrentDirectoryA
GetFullPathNameA
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
lstrcmpiW
RaiseException
SuspendThread
ResumeThread
SetThreadPriority
lstrcmpA
lstrcmpiA
GetModuleFileNameW
ConvertDefaultLocale
GetVersion
InterlockedDecrement
FindFirstFileW
LockFile
FileTimeToSystemTime
FindNextFileW
FindClose
SetLastError
MulDiv
GlobalSize
FormatMessageW
lstrcpynW
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrlenW
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
VirtualProtect
FindResourceExW
GetLocaleInfoW
EnumResourceLanguagesW
EnumSystemLocalesW
GetSystemDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultLangID
ExpandEnvironmentStringsW
ReadFile
OutputDebugStringW
FreeConsole
AllocConsole
GlobalAlloc
GlobalFree
FreeResource
GetLogicalDriveStringsW
ReadFileEx
SleepEx
GetVolumeNameForVolumeMountPointW
LoadLibraryW
FreeLibrary
GetStdHandle
InterlockedExchangeAdd
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
FlushFileBuffers
ReleaseMutex
CreateMutexW
WideCharToMultiByte
GetSystemDirectoryW
GetDriveTypeW
CreateThread
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
GetCurrentThreadId
WriteFile
GetVolumeInformationW
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
lstrcpyW
CreateFileW
DeviceIoControl
CloseHandle
SetFileAttributesW
SetVolumeLabelW
Sleep
GetCurrentThread
GetLastError
GetCurrentProcess
LocalAlloc
LocalFree
CopyFileW
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetModuleHandleW
GetProcAddress
GetDiskFreeSpaceW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetFilePointer
GetStringTypeExW
MoveFileW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
SystemTimeToFileTime
InterlockedIncrement
TlsFree
LocalReAlloc
FileTimeToLocalFileTime
TlsSetValue
ReadConsoleInputA
user32
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorW
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
SetRect
IsRectEmpty
CharNextW
CharUpperW
DestroyIcon
DeleteMenu
WaitMessage
GetWindowThreadProcessId
ReleaseCapture
WindowFromPoint
SetCapture
LoadCursorW
GetSysColorBrush
GetDialogBaseUnits
MapVirtualKeyW
GetKeyNameTextW
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
SetWindowContextHelpId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetCursorPos
ValidateRect
ShowOwnedPopups
SetCursor
wsprintfW
GetMenuStringW
AppendMenuW
InsertMenuW
RemoveMenu
SetMenuItemBitmaps
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapW
ScrollWindowEx
MoveWindow
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
CheckRadioButton
CheckDlgButton
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
ReuseDDElParam
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconW
MapWindowPoints
ScrollWindow
MessageBoxW
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
IsWindowVisible
GetMenu
GetSubMenu
GetMenuItemCount
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetClassInfoW
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
GetDesktopWindow
GetSystemMetrics
GetNextDlgTabItem
EndDialog
MapDialogRect
SetWindowPos
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetFocus
SetFocus
IsWindowEnabled
CreateDialogIndirectParamW
ShowWindow
GetWindowTextW
UnpackDDElParam
LoadMenuW
RegisterClipboardFormatW
SetParent
LockWindowUpdate
GetDlgItem
LoadStringW
SetWindowLongW
RegisterDeviceNotificationW
GetWindowLongW
UnregisterClassW
UnregisterDeviceNotification
PostQuitMessage
PeekMessageW
RegisterWindowMessageW
SendNotifyMessageW
IsWindow
InvalidateRect
UpdateWindow
GetClientRect
GetDCEx
PostThreadMessageW
UnionRect
GetTabbedTextExtentW
RemovePropW
IsClipboardFormatAvailable
GetWindowRect
GetSysColor
GetSystemMenu
ModifyMenuW
GetMessageW
TranslateMessage
DispatchMessageW
FindWindowW
SetForegroundWindow
SetTimer
RegisterClassW
CreateWindowExW
DefWindowProcW
DestroyWindow
KillTimer
PostMessageW
LoadImageW
SendMessageW
EnableWindow
GetParent
GetMenuItemID
UnregisterClassA
gdi32
GetCharWidthW
StretchDIBits
CreateFontW
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
SetWindowOrgEx
ScaleViewportExtEx
CreateCompatibleBitmap
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
StartDocW
GetPixel
BitBlt
GetWindowExtEx
GetRgnBox
GetTextColor
GetBkColor
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
EnumFontFamiliesExW
GetTextMetricsW
PatBlt
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
SetPolyFillMode
CreateCompatibleDC
SetBkMode
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
GetDCOrgEx
GetTextExtentPoint32W
GetStockObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetViewportExtEx
CreateICW
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
SetStretchBltMode
SetROP2
OffsetWindowOrgEx
comdlg32
PageSetupDlgW
FindTextW
ReplaceTextW
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
GetJobW
advapi32
CryptGenRandom
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenProcessToken
OpenThreadToken
GetFileSecurityW
SetFileSecurityW
RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegSetValueW
RegDeleteValueW
RegSetValueExW
FreeSid
CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ImpersonateSelf
shell32
ExtractIconW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHFileOperationW
comctl32
PropertySheetW
DestroyPropertySheetPage
CreatePropertySheetPageW
ord17
ord13
ImageList_Read
ImageList_Write
ord14
ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ImageList_Merge
ImageList_Draw
ImageList_GetImageInfo
shlwapi
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CoTreatAsClass
StringFromCLSID
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CreateBindCtx
CLSIDFromProgID
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromString
OleRun
CoDisconnectObject
CoCreateInstance
StringFromGUID2
CoGetClassObject
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleSetClipboard
CoRevokeClassObject
CoRegisterClassObject
OleInitialize
OleUninitialize
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
StgCreateDocfileOnILockBytes
ReadClassStg
StgOpenStorageOnILockBytes
oleaut32
VarDecFromStr
VarBstrFromDec
SysReAllocStringLen
VarDateFromStr
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantChangeType
VariantClear
VarCyFromStr
VarBstrFromCy
LoadTypeLi
VarBstrFromDate
OleCreateFontIndirect
SysAllocStringLen
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 464KB - Virtual size: 461KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didat Size: 4KB - Virtual size: 793B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 460KB - Virtual size: 457KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UPX0 Size: 144KB - Virtual size: 380KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE