3455ff95ac31dbd68011b05f30a56a3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3455ff95ac31dbd68011b05f30a56a3a_JaffaCakes118
Size

420KB
MD5

3455ff95ac31dbd68011b05f30a56a3a
SHA1

b593fc11555c33fa1926636ad89c9e13ac316644
SHA256

21c44a0ad366d999fee71728aa8674703c3ef23b81df115d19a7bd94b155c80d
SHA512

248ee08c76003b042caac544a5ed5c106c38864be8535c364e50330f3434453c356d63e469a63d3df57648d15df062f8a4e40af99f5e66ced90427de990119d7
SSDEEP

6144:QpuQmhmwMcHkZ+JPfE9f4fJ5seA83Gmm28ntcF7z21WTvUK7IMINy:OuQmhIcHkVIrm2sA7zCWzX/I8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3455ff95ac31dbd68011b05f30a56a3a_JaffaCakes118

Files

3455ff95ac31dbd68011b05f30a56a3a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b8e94022a293be12a3409ae01d6a0e11

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
GetProcessHeap
SetEndOfFile
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleA
SetHandleCount
GetFileType
SetStdHandle
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
GetVersionExA
GetSystemDirectoryA
CreateThread
GetCommandLineW
FreeLibrary
LoadLibraryA
GetProcAddress
GetLastError
GetCurrentDirectoryA
MultiByteToWideChar
HeapReAlloc
VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapSize
GetFileAttributesA
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
WideCharToMultiByte
CopyFileA
SetFileAttributesA
SetEnvironmentVariableA
CreateProcessA
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateDirectoryA
ReadFile
FindFirstFileA
FindNextFileA
FindClose
Sleep
SetCurrentDirectoryA
MoveFileA
SetThreadPriority
CreateFileA
GetFileSize
SetFilePointer
WriteFile
WriteConsoleW
CloseHandle
GetStartupInfoA
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
DeleteFileA
RtlUnwind
HeapAlloc
HeapFree
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime

user32

CreateWindowExA
SetTimer
SetLayeredWindowAttributes
LoadImageA
ShowWindow
SetForegroundWindow
UpdateWindow
SendMessageA
MessageBoxA
PostMessageA
AdjustWindowRect
RegisterWindowMessageA
BroadcastSystemMessageA
LoadMenuA
GetSubMenu
GetMessageA
TranslateMessage
DispatchMessageA
DestroyIcon
LoadIconA
PostQuitMessage
CheckMenuItem
GetSystemMetrics
TrackPopupMenu
RegisterClassExA
LoadBitmapA
GetCursorPos
LoadCursorA
DestroyCursor
BeginPaint
DrawTextExW
EndPaint
KillTimer
DestroyWindow
DefWindowProcA
ReleaseCapture
SetCapture
GetWindowRect
SetWindowPos
RedrawWindow
SetCursor
SystemParametersInfoA

gdi32

DeleteObject
CreateCompatibleDC
CreateSolidBrush
SelectObject
SetBrushOrgEx
PatBlt
SetBkMode
SetTextColor
TextOutA
CreatePatternBrush
DeleteDC
BitBlt

advapi32

RegDeleteValueA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCloseKey

shell32

SHGetFolderPathA
CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteA
ShellExecuteExA

oleaut32

VariantInit
VariantClear

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA

htmlayout

HTMLayoutGetChildrenCount
HTMLayoutGetAttributeByName
HTMLayoutGetRootElement
HTMLayoutGetParentElement
HTMLayoutGetElementType
HTMLayoutSetElementInnerText16
HTMLayoutSetAttributeByName
HTMLayoutUpdateElement
HTMLayoutSetStyleAttribute
HTMLayoutInsertElement
HTMLayoutCreateElement
HTMLayoutSetElementHtml
HTMLayoutDeleteElement
HTMLayoutSetElementState
HTMLayoutLoadFile
HTMLayoutSetScrollPos
HTMLayoutGetScrollInfo
HTMLayoutGetElementText
HTMLayoutWindowAttachEventHandler
HTMLayoutSetCallback
HTMLayoutGetNthChild
HTMLayoutProcND

urlmon

CreateURLMoniker

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b8e94022a293be12a3409ae01d6a0e11

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

wininet

htmlayout

urlmon

Sections

.text Size: 119KB - Virtual size: 119KB

.rdata Size: 20KB - Virtual size: 20KB

.data Size: 5KB - Virtual size: 98KB

.rsrc Size: 169KB - Virtual size: 169KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 119KB - Virtual size: 119KB

.rdata
Size: 20KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 98KB

.rsrc
Size: 169KB - Virtual size: 169KB

.UPX0
Size: 104KB - Virtual size: 252KB