344a0cd8933fb176760a0e7adbf7c128_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

344a0cd8933fb176760a0e7adbf7c128_JaffaCakes118
Size

240KB
MD5

344a0cd8933fb176760a0e7adbf7c128
SHA1

8d598e5d5883330e954860d2433ad05fc156549f
SHA256

1b4e5558104393518409e37eac28c34ab86c8f3312463e06d6012c8acf6c5984
SHA512

510fc2450a86718b6ea06a686cb4a23f72f6e334c84e0eccb40a6471ed81ec78b32d88cdbb1356c6f65820ed719acbb3e0085556292cebab522a10790dbeec6d
SSDEEP

3072:BAwLaQf1bMeQ559PQ2HKvssdk/4rSd4XGXyr2Bpd/I+MJZ841roSiWcM:BAwLaQf1Cf9PQJEYkA2d4a/Qd+M

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
344a0cd8933fb176760a0e7adbf7c128_JaffaCakes118

Files

344a0cd8933fb176760a0e7adbf7c128_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4a791745b12c327dc72ce55a421f8de2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pcssupportsetup

needSupport
Install

pcscm

?StartAnimation@CNbuuAniStaticCtrl@@QAEXXZ
?StopAnimation@CNbuuAniStaticCtrl@@QAEXXZ
?UnloadBitmap@CNbuuResourceManager@@SA_NPAPAVCNbuuBitmap@@@Z
?LoadBitmapW@CNbuuResourceManager@@SA_NPAPAVCNbuuBitmap@@PAUHINSTANCE__@@IPBG@Z
??1CNbuuAniStaticCtrl@@UAE@XZ
?Show@CNbuuMessageBox@@SAHPAUHWND__@@PBG1I@Z
??1CNbuuButtonSkin@@UAE@XZ
??1CNbuuTabSkin@@UAE@XZ
??1CNbuuBarStaticSkin@@UAE@XZ
??1CNbuuAniStaticSkin@@UAE@XZ
??1CNbuuStaticBitmapSkin@@UAE@XZ
??1CPCSLInfoReader@@UAE@XZ
?GetPCSL@CPCSLInfoReader@@QAEPBGXZ
??0CPCSLInfoReader@@QAE@XZ
??0CNbuuButtonCtrl@@QAE@XZ
??0CNbuuAniStaticCtrl@@QAE@XZ
??1CNbuuButtonCtrl@@UAE@XZ
??0CNbuuStaticCtrl@@QAE@XZ
??0CNbuuBarStaticCtrl@@QAE@XZ
?FlipDialog@CRTLHelper@@SAPAUDLGTEMPLATE@@PAUHINSTANCE__@@PBGH@Z
?PcsLoadColor@@YAKPAUHINSTANCE__@@I@Z
?SetTextColor@CNbuuStaticCtrl@@QAEXK@Z
??1CNbuuBarStaticCtrl@@UAE@XZ
??1CNbuuStaticCtrl@@UAE@XZ
?SetDefaultSkinDef@CNbuuBarStaticSkin@@SAXVCNbuuBarStaticSkinDef@@@Z
?SetBackground@CNbuuBackBuffer@@QAEXPAUHWND__@@@Z
?m_hInstRes@CNbuuLib@@0PAUHINSTANCE__@@A
?SetTextColor@CNbuuMessageBox@@SAXK@Z
?SetButtonSkin@CNbuuMessageBox@@SAXPAVCNbuuButtonSkin@@@Z
?SetBackgroundSkin@CNbuuMessageBox@@SAXPAVCNbuuStaticBitmapSkin@@@Z
?SetButtonCaptions@CNbuuMessageBox@@SAXPAUHINSTANCE__@@IIII@Z
?m_dwLayout@CNbuuLib@@0KA
??1CRTLHelper@@UAE@XZ
?SetDefaultSkinDef@CNbuuButtonSkin@@SAXVCNbuuButtonSkinDef@@@Z
?Init@CNbuuLib@@SAXPAUHINSTANCE__@@0@Z
??0CNbuuAniStaticSkin@@QAE@XZ
??0CNbuuStaticBitmapSkin@@QAE@XZ
??0CNbuuTabSkin@@QAE@XZ
??0CNbuuButtonSkin@@QAE@XZ
??0CNbuuBarStaticSkin@@QAE@XZ
?Mirror@CNbuuBitmap@@QAEXXZ
?PcsInitializeWER@@YAHXZ
?IsRTL@CRTLHelper@@QAEHXZ
??0CRTLHelper@@QAE@PBG@Z
?GetLangID@CRTLHelper@@SAPAGPAUHKEY__@@PBG1@Z

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW

shell32

ShellExecuteW

setupapi

SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
SetupDiGetClassDevsW
SetupDiClassGuidsFromNameW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

connapi

ord10
ord201
ord210
ord209
ord211
ord208
ord12
ord200
ord202
ord203
ord204
ord205
ord11

mfc71u

ord5148
ord1899
ord5067
ord6271
ord4179
ord3397
ord4716
ord1591
ord5956
ord920
ord925
ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord4238
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord3176
ord605
ord3333
ord2651
ord2366
ord764
ord5609
ord5199
ord356
ord4276
ord762
ord4112
ord4109
ord5867
ord2364
ord1555
ord416
ord6086
ord2155
ord1894
ord5852
ord2860
ord4535
ord3677
ord265
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord4255
ord3327
ord757
ord3829
ord354
ord4743
ord709
ord501
ord3922
ord4574
ord5829
ord1021
ord2491
ord266
ord1051
ord3168
ord747
ord1178
ord4119
ord1542
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord577
ord6063
ord2444
ord3756
ord293
ord777
ord3873
ord280
ord774
ord283
ord1472
ord776
ord896
ord899
ord1118
ord4320
ord2009
ord1007
ord5096
ord566
ord1058
ord2460
ord3755
ord559
ord2461
ord1392
ord3940
ord1608
ord1611
ord5908
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord2362
ord1086
ord1079
ord3635
ord2640
ord1198

msvcr71

_purecall
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcscmp
wcscpy
wcscat
wcslen
_wtoi
wcstok
wcsstr
free
_controlfp
?terminate@@YAXXZ
__security_error_handler
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
_except_handler3
malloc
memmove
wcsncmp
_wcslwr
swprintf
swscanf

kernel32

LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
CreateFileW
GetProcAddress
SetCommState
SetupComm
PurgeComm
EscapeCommFunction
SetCommTimeouts
WriteFile
FlushFileBuffers
ReadFile
MultiByteToWideChar
FindFirstFileW
FindClose
InterlockedDecrement
GetCurrentThreadId
FreeLibrary
GetModuleFileNameW
CreateEventW
GetLastError
PulseEvent
GlobalUnlock
GlobalFree
GlobalAlloc
GlobalLock
LoadLibraryA
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalFree
GetVersionExA
GetCommState
GetACP
TerminateThread
SetEvent
CloseHandle
ExitThread
ResetEvent
WaitForMultipleObjects
CreateThread
WaitForSingleObject
lstrcpyW

user32

EnableWindow
IsWindowEnabled
GetDlgItem
SendMessageW
GetFocus
GetWindowRect
GetClientRect
GetSystemMetrics
GetDesktopWindow
wsprintfW
SetWindowTextW
PostMessageW
LoadIconW
LoadCursorW
IsWindow
SetCursor
SetTimer
KillTimer
ShowWindow
SetActiveWindow
SetWindowPos
LoadStringW
SetProcessDefaultLayout
SetFocus
DrawIcon
IsIconic

gdi32

TranslateCharsetInfo
CreateFontW
DeleteObject
GetStockObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

comctl32

ImageList_ReplaceIcon
ImageList_Create

ole32

CoUninitialize
CoTaskMemFree
StringFromCLSID
CLSIDFromString
CoCreateInstance
CoInitialize

oleaut32

SysAllocStringLen
SafeArrayGetElement
SysStringLen
SysFreeString
SysAllocString

msvcp71

?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHPBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4a791745b12c327dc72ce55a421f8de2

Headers

File Characteristics

Imports

pcssupportsetup

pcscm

shlwapi

shell32

setupapi

connapi

mfc71u

msvcr71

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

msvcp71

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 24KB - Virtual size: 20KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 24KB - Virtual size: 20KB

.UPX0
Size: 104KB - Virtual size: 252KB