391b7aea9c392a2a1712b5bbedfa6435_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

391b7aea9c392a2a1712b5bbedfa6435_JaffaCakes118
Size

161KB
MD5

391b7aea9c392a2a1712b5bbedfa6435
SHA1

ff4c5741cbcc7b114319322881eb04664245a59e
SHA256

bf7ea1c0ba0d8db45e319cd9f159ae450e6289be3f2923f0911bdb6cf38b6261
SHA512

22b73ccde13ebbc887f5ee05fc34583a8a2c33dd5c1793f8fa425bec656d65af0a9273968ec45aa87522fb02855871dd82af16397e71ab6f46b322e09107ffd5
SSDEEP

3072:YGJ/7lcf4kCIvWBPddksc3+KDxMNAkSRA:LJzlcfaIuBpc3QNAkn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
391b7aea9c392a2a1712b5bbedfa6435_JaffaCakes118

Files

391b7aea9c392a2a1712b5bbedfa6435_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a7749524e38706d701788a4556a1558

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
WriteFile
SetFilePointer
FlushFileBuffers
FindClose
FindFirstFileA
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapAlloc
RtlUnwind
ExitProcess
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
FindNextFileA
ExitThread
GetStartupInfoA
GetCommandLineA
RaiseException
HeapSize
HeapReAlloc
GetACP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GlobalFlags
lstrcmpA
GetProcessVersion
FreeLibrary
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetCurrentThreadId
GetModuleFileNameA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetVersion
lstrcpynA
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CopyFileA
LoadLibraryA
CreateThread
CloseHandle
GetTickCount
Sleep
GetProcAddress
CreateMutexA
GetLastError
TerminateProcess

advapi32

RegCreateKeyExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

gdi32

SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
GetDeviceCaps
GetObjectA
SetBkColor
GetStockObject
CreateBitmap
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetTextColor

user32

GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
PostMessageA
LoadIconA
SetWindowTextA
LoadCursorA
GetSysColorBrush
ReleaseDC
GetDC
GetClassNameA
PtInRect
ClientToScreen
PostQuitMessage
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
DispatchMessageA
GetKeyState
CallNextHookEx
PeekMessageA
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
UnhookWindowsHookEx
LoadStringA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

Sections

UPX0
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9a7749524e38706d701788a4556a1558

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

user32

winspool.drv

Sections

UPX0 Size: 156KB - Virtual size: 156KB

.avp Size: 4KB - Virtual size: 8KB

UPX0
Size: 156KB - Virtual size: 156KB

.avp
Size: 4KB - Virtual size: 8KB