377fa8647e246fef8f790ef45e7c88e4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

377fa8647e246fef8f790ef45e7c88e4_JaffaCakes118
Size

224KB
MD5

377fa8647e246fef8f790ef45e7c88e4
SHA1

dd5193007939398fdb40aeabdf77398d139ba189
SHA256

cb126473d8a2aef0aa85c274f96b6d658a30a0dd8c75de626db77ad105c501e4
SHA512

8f314dcacb23bbc4d5753495cd0d6e801959efd8b58c88c99c14029fe98ad780e693f4e22abeb88d97eea6be90b7d35297c9e7862a1ee73394e1038365618ebd
SSDEEP

6144:6qs0EoMxRZOXewIXeozct8JmSdm8YJCsWGUdUNcFMl6fL3nndn4xkzHj:1MxRZwewRozct8JmSdm8YJCsWGUdUNcb

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
377fa8647e246fef8f790ef45e7c88e4_JaffaCakes118

Files

377fa8647e246fef8f790ef45e7c88e4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ddddccef37f15122b66de9afbe53ddd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psregapi

?CloseKey@CRegApi@@QAEJXZ
?SetValue@CRegApi@@QAEJPBDK0@Z
?CreateKey@CRegApi@@QAEJPAUHKEY__@@PBDKKAAK@Z
??0CRegApi@@QAE@XZ
?QueryValue@CRegApi@@QAEJPBDPADAAK@Z
?OpenKey@CRegApi@@QAEJPAUHKEY__@@PBDK@Z
??1CRegApi@@UAE@XZ

traceapi

?ServiceAlerts@CEvTraceAlerter@@QAEJKPAX0@Z
EvtInitialize
EvtUnInitialize
UnRegisterEvTrace
?MakeTraceProperties@CEvTrace@@SAPAU_EVENT_TRACE_PROPERTIES@@PBD0KABU_GUID@@@Z
?StopAlerts@CEvTraceAlerter@@QAEJXZ
??0CEvTraceAlerter@@QAE@PAVCEvDataQueue@@@Z
?MakeTraceProperties1@CEvTrace@@SAPAU_EVENT_TRACE_PROPERTIES@@XZ
EvTraceString
??0CEvDataQueue@@QAE@XZ
?WriteEventsToFile@CEvDataQueue@@QAEJAAPAX@Z
?DeleteAllEvents@CEvDataQueue@@QAEJXZ
RegisterEvTrace

kernel32

GetCurrentThreadId
lstrcmpiA
GetCommandLineA
lstrlenA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
lstrlenW
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
InterlockedDecrement
IsDBCSLeadByte
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetCurrentProcess
GetCurrentThread
LeaveCriticalSection
EnterCriticalSection
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
LocalAlloc
CreateFileA
SetEvent
WaitForSingleObject
CreateEventA
GetLastError
WaitForMultipleObjects
ResetEvent
CloseHandle
LocalFree
DeleteFileA
GetModuleFileNameA
CreateThread
WriteFile
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetFilePointer
SetEnvironmentVariableA
SetConsoleCtrlHandler
SetStdHandle
Sleep
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
lstrcpynA
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
SetUnhandledExceptionFilter
FatalAppExitA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetOEMCP
GetACP
RtlUnwind
GetFileAttributesA
RaiseException
HeapFree
HeapAlloc
HeapReAlloc
GetStartupInfoA
GetVersion
ExitProcess
GetCPInfo

user32

PostThreadMessageA
GetMessageA
LoadStringA
DispatchMessageA
CharNextA

advapi32

StartServiceCtrlDispatcherA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
ControlService
DeleteService
CreateServiceA
ChangeServiceConfig2A
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
EnableTrace
ControlTraceA
StartTraceA

ole32

CoInitializeSecurity
CoCreateGuid
CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr
SysFreeString

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ddddccef37f15122b66de9afbe53ddd4

Headers

File Characteristics

Imports

psregapi

traceapi

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 8KB - Virtual size: 4KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 8KB - Virtual size: 4KB

.UPX0
Size: 108KB - Virtual size: 260KB