Behavioral task
behavioral1
Sample
33c1ec5c0ef4ffeb3e18ac6d0138498f_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
33c1ec5c0ef4ffeb3e18ac6d0138498f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
33c1ec5c0ef4ffeb3e18ac6d0138498f_JaffaCakes118
Size
280KB
MD5
33c1ec5c0ef4ffeb3e18ac6d0138498f
SHA1
0132b8cfc7e935bc02a87465d627c9500ddf4697
SHA256
4fc022e82926eac242b0009ebc9c84520236dcb8ad8961f1079baafe1744dd77
SHA512
a7524684d8fcd53e0063c43075b278978d1bffc56cb65920b5ee28dd2cf006f09fa57ac663b8a680794ab8b4954a701dcca1e68e818e23d3f6065cf79707737f
SSDEEP
3072:HEiDL1fCXtv7wiK98f4Bm5Wux3Shesuuj6gJDRA60PGPaOWzvPpVNHpODD5Qk:HTH1fywJfJgKD2eafDPlpOBn
Malware Config
Signatures
resource yara_rule sample upx
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 33c1ec5c0ef4ffeb3e18ac6d0138498f_JaffaCakes118
Files
33c1ec5c0ef4ffeb3e18ac6d0138498f_JaffaCakes118.exe windows:4 windows x86 arch:x86
9cdc48ede5e5e7b2cd58fe4e23e417e1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
storm
ord253
ord252
ord269
ord267
ord266
fog
ord10019
gdwInvBitMasks
gdwBitMasks
ord10022
ord10029
ddraw
DirectDrawEnumerateA
DirectDrawCreate
user32
LoadStringA
LoadCursorA
DialogBoxIndirectParamA
DialogBoxParamA
wvsprintfA
CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
EnumDisplaySettingsA
SetCursor
DefWindowProcA
RegisterClassA
SendMessageA
PostMessageA
SetForegroundWindow
SetActiveWindow
SetFocus
BringWindowToTop
GetWindowTextA
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
EndDialog
MessageBoxA
DestroyWindow
UnregisterClassA
ShowWindow
GetDlgItem
SetWindowTextA
gdi32
GetStockObject
kernel32
RtlUnwind
TlsGetValue
WideCharToMultiByte
CloseHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
ReadFile
SetStdHandle
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
TlsSetValue
lstrlenA
SleepEx
CreateThread
GetLastError
CreateEventA
SetLastError
GetProcAddress
LoadLibraryA
LockResource
LoadResource
FindResourceExA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrcpynA
TerminateProcess
GetCurrentProcess
GetEnvironmentStringsW
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
GetEnvironmentVariableA
TlsAlloc
GetVersionExA
InterlockedDecrement
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
InterlockedIncrement
HeapDestroy
VirtualFree
HeapFree
WriteFile
HeapReAlloc
HeapAlloc
HeapSize
advapi32
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey
Sections
.text Size: 60KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 8KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 24KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.UPX0 Size: 104KB - Virtual size: 252KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE