2b236146eb868d40a3e5f003b64f2ecb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b236146eb868d40a3e5f003b64f2ecb_JaffaCakes118
Size

91KB
MD5

2b236146eb868d40a3e5f003b64f2ecb
SHA1

e55c41d4ab955acb61e69bc79d28ec9eaec6f12a
SHA256

8c77770a63a82878af06919a929eb2d993fd2ede6efedc4eb5e12fbaa9a1ab56
SHA512

e029d039b02f120429b79c8930ec611e01fd614f251f5aaa17e6fb9265e1d7a30d4b976a18d083f986793be03bd1eeaca2db4cd50dc2a03317471a0b27f5a673
SSDEEP

1536:NOU7pZ/+WDNM20WVx8VD4UNfaQjGCoQiqNv3BHOknwg4VqYLgf2u:N/PDaWTS1fxMzQ1Org4lLgf2u

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2b236146eb868d40a3e5f003b64f2ecb_JaffaCakes118

Files

2b236146eb868d40a3e5f003b64f2ecb_JaffaCakes118
.dll windows:4 windows x86 arch:x86

48504d34cc721d7bf5ba86ff54dfa33a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
SetTimer
SetWindowsHookExA
SendInput
SetCursorPos
PostMessageA
OpenDesktopA
GetForegroundWindow
SetWindowsHookExW
GetWindowTextA
GetWindowThreadProcessId
wsprintfW
GetActiveWindow
CharLowerA
CharUpperA
EnumWindows
UpdateWindow
BringWindowToTop
ShowWindow
PostThreadMessageA
DestroyWindow
DispatchMessageA
CallNextHookEx
ExitWindowsEx
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
MessageBoxA
wsprintfA
GetMessageA
OpenWindowStationA
SetProcessWindowStation
CloseDesktop
CloseWindowStation
IsWindow
SendMessageA

gdi32

DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
CreateDCA
CreateCompatibleBitmap
GetDIBits

advapi32

RegCloseKey
CreateServiceA
StartServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
QueryServiceConfigA
EnumServicesStatusA
ChangeServiceConfigA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
OpenServiceA
GetUserNameW
LookupPrivilegeValueA
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges
OpenSCManagerA
DeleteService
ControlService
CloseServiceHandle

shell32

StrCmpNIA
SHEmptyRecycleBinA
ShellExecuteA
StrStrA
SHFileOperationA
StrRChrA
StrChrA

ole32

CreateStreamOnHGlobal

ws2_32

listen
setsockopt
bind
socket
htons
send
connect
inet_ntoa
ntohs
accept
WSADuplicateSocketA
WSAStartup
closesocket
select
recv
inet_addr
gethostbyname
WSASocketA
getsockname

shlwapi

SHDeleteKeyA
StrCmpW
StrToIntA

psapi

GetModuleFileNameExA

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionStringA
ImmGetContext

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

winmm

waveInUnprepareHeader
waveInPrepareHeader
waveInAddBuffer
waveInStart
waveInStop
waveInClose
waveInOpen

msvcrt

malloc
strrchr
__dllonexit
_onexit
_initterm
_adjust_fdiv
wcscmp
free
strchr
_beginthread
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

lstrlenW
FlushFileBuffers
CreateDirectoryA
MoveFileA
GetDriveTypeA
GetVolumeInformationA
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
GetFileAttributesExA
FindClose
GetLastError
FindNextFileA
lstrcmpA
FindFirstFileA
lstrcmpiA
Process32Next
Process32First
CreateToolhelp32Snapshot
DuplicateHandle
SetStdHandle
CreatePipe
GetStdHandle
ExitProcess
GetCommandLineA
GetProcAddress
FreeLibrary
LocalAlloc
SetFilePointer
RaiseException
lstrcatW
OpenEventA
OpenMutexA
GetFileSize
GlobalAlloc
GlobalLock
lstrcpyW
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GlobalFree
CreateEventA
CreateMutexA
GetFileSizeEx
SetFilePointerEx
ReadFile
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GetVersion
GetVersionExA
TerminateProcess
ResumeThread
GetSystemInfo
GlobalMemoryStatus
GetComputerNameA
GetACP
GetOEMCP
GetLocalTime
GetTempPathA
WriteFile
GetCurrentThread
GetCurrentProcessId
WideCharToMultiByte
SearchPathA
GetModuleFileNameA
InterlockedExchange
LoadLibraryA
OpenProcess
lstrlenA
DeviceIoControl
CreateFileA
CloseHandle
GetSystemDirectoryA
SetEvent
DeleteFileA
lstrcpyA
GetCurrentThreadId
GetStartupInfoA
CreateProcessA
Sleep
lstrcatA
WaitForSingleObject
GetTickCount

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Share
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

48504d34cc721d7bf5ba86ff54dfa33a

Headers

File Characteristics

Imports

user32

gdi32

advapi32

shell32

ole32

ws2_32

shlwapi

psapi

imm32

avicap32

winmm

msvcrt

kernel32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 2KB - Virtual size: 2KB

Share Size: 4KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

UPX0 Size: 512B - Virtual size: 512B

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 2KB - Virtual size: 2KB

Share
Size: 4KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

UPX0
Size: 512B - Virtual size: 512B