34f150eeb6f7a523235958370bb018bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

34f150eeb6f7a523235958370bb018bc_JaffaCakes118
Size

121KB
MD5

34f150eeb6f7a523235958370bb018bc
SHA1

b4772fa9b18819da4c525f2eaa0d5bfd0ad557e5
SHA256

53d5f5302c8658ef4021871254d975d4f5baa69939cf3ddf6c4e7c52cf59a941
SHA512

f45f12474d098b52071c0f1ad71b23ef38ab61e78cb6f9158ea4aa0ea932ac1c1dc4dc695f0a80068cad17bffdefceb71d247878416ecc406b9673ffbaeb2224
SSDEEP

3072:3WBbJc+/gnyP7MFXlPRzei2xw5GZsqGKncnR2Sp4N5Mh0Qwsg:3WBbhgnU7M/PR6iUNW+C2XXMh07

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
34f150eeb6f7a523235958370bb018bc_JaffaCakes118

Files

34f150eeb6f7a523235958370bb018bc_JaffaCakes118
.exe windows:6 windows x86 arch:x86

00e427597cd9af6e5f4b7d178d81a6ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

subst.pdb

Imports

kernel32

GetLastError
QueryDosDeviceW
DefineDosDeviceW
HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_except_handler4_common
_controlfp
__getmainargs
_cexit
_exit
_XcptFilter
exit
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_wcsupr
?terminate@@YAXXZ

ulib

?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?GetLexemeAt@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@K@Z
??1PATH@@UAE@XZ
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
??1STREAM_MESSAGE@@UAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1ARRAY@@UAE@XZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
??1PATH_ARGUMENT@@UAE@XZ
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?IsValueSet@ARGUMENT@@QAEEXZ
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@ARRAY@@QAEEKK@Z
?Initialize@STREAM_MESSAGE@@QAEEPAVSTREAM@@00@Z
?Get_Standard_Output_Stream@@YGPAVSTREAM@@XZ
?Get_Standard_Input_Stream@@YGPAVSTREAM@@XZ
?Get_Standard_Error_Stream@@YGPAVSTREAM@@XZ
??0FLAG_ARGUMENT@@QAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
??0STRING_ARGUMENT@@QAE@XZ
??0ARRAY@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
??0STREAM_MESSAGE@@QAE@XZ
?GetPattern@ARGUMENT@@QAEPAVWSTRING@@XZ
??0PATH@@QAE@XZ
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?Initialize@PATH@@QAEEPBV1@E@Z
??0DSTRING@@QAE@XZ
?Initialize@WSTRING@@QAEEPBGK@Z
??1DSTRING@@UAE@XZ
??0FSTRING@@QAE@XZ
?Initialize@FSTRING@@QAEPAVWSTRING@@PAGK@Z
?Strstr@WSTRING@@QBEKPBV1@@Z
?DeleteChAt@WSTRING@@QAEXKK@Z
??1OBJECT@@UAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
?Initialize@WSTRING@@QAEEPBDK@Z
??1STRING_ARGUMENT@@UAE@XZ
?Set@STREAM_MESSAGE@@UAEEKW4MESSAGE_TYPE@@K@Z

ntdll

RtlFreeUnicodeString
RtlFreeHeap
RtlDosPathNameToNtPathName_U

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 766B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00e427597cd9af6e5f4b7d178d81a6ea

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ulib

ntdll

Sections

.text Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 888B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 766B

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 888B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 766B

.UPX0
Size: 108KB - Virtual size: 260KB