391c00bc5752eecdc8468ee2254839e8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

391c00bc5752eecdc8468ee2254839e8_JaffaCakes118
Size

387KB
MD5

391c00bc5752eecdc8468ee2254839e8
SHA1

3ef93e20e5328055d1d1ef6772e744f87949164f
SHA256

0aba35ad70e57451cabf0779c609c2872ab44185d9cd5b8e6d42773a29847fed
SHA512

dc88dfe80a426ef1d5f407cbd9cad55a09f4ed41bf39387e419ef53642b6b0c1ac9bd0d159ec51d5d19cb897d46b7264a499ca6ffec516fc7e526638a400d4c6
SSDEEP

6144:owUB39uBWiRvZ6GwLwbSQG+YAGM5hlZTEP7rcAihVBZmb+2RgMu659jF8njDlW2v:VUpARv7wLgO+YqhHElAMu6F8nHz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
391c00bc5752eecdc8468ee2254839e8_JaffaCakes118

Files

391c00bc5752eecdc8468ee2254839e8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

833a4cf18584ca4a2b178aecdf72d995

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

winhlp32.pdb

Imports

msvcrt

isdigit
isalpha
strtol
strtoul
_strcmpi
strstr
strncpy
strchr
_stricmp
atoi
_fullpath
_except_handler3
strrchr
atol
tolower
_exit
_strnicmp
strncmp
??3@YAXPAX@Z
??2@YAPAXI@Z
remove
_itoa
toupper
isspace
_chdrive
_c_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
memmove
_vsnprintf

advapi32

RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

kernel32

GetProfileStringA
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
GetUserDefaultUILanguage
GetSystemDefaultLangID
GlobalReAlloc
GlobalAlloc
GetTimeZoneInformation
FindClose
FindFirstFileA
GetFileInformationByHandle
_llseek
GetSystemDirectoryA
GetModuleHandleW
GetProfileIntA
CloseHandle
GetVersionExA
GetStartupInfoA
MapViewOfFile
CreateFileMappingA
GetCurrentThread
IsBadReadPtr
GetModuleFileNameA
IsValidLocale
GlobalSize
VirtualAlloc
VirtualFree
_lclose
_lcreat
_lwrite
_lread
GetLastError
_lopen
SetEndOfFile
SetFilePointer
DeleteFileA
FindNextFileA
GetTickCount
SetCurrentDirectoryA
CopyFileA
MoveFileA
SetFileAttributesA
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemDefaultUILanguage
ExpandEnvironmentStringsA
SearchPathA
GetPrivateProfileStringA
GetTempPathA
GetTempFileNameA
CreateDirectoryA
GetCurrentDirectoryA
GetSystemWindowsDirectoryA
GetWindowsDirectoryA
lstrcmpiA
GetFileAttributesA
GetModuleHandleA
SetErrorMode
LoadLibraryA
GetBinaryTypeA
FreeLibrary
Sleep
GetProcAddress
WinExec
GetUserDefaultLCID
CompareStringA
MulDiv
LocalSize
lstrcpynA
IsDBCSLeadByte
lstrcpyA
lstrlenA
LocalAlloc
LocalReAlloc
LocalFree
GetLocaleInfoA

gdi32

EnumFontFamiliesExA
GetTextAlign
SetTextAlign
GetTextColor
GetBkColor
Escape
SetAbortProc
StartDocA
EndDoc
CreateDCA
StartPage
EndPage
GetSystemPaletteEntries
CreatePen
IntersectClipRect
UnrealizeObject
SetBrushOrgEx
CreatePatternBrush
GetTextExtentPoint32A
CreateFontA
CreateRectRgn
SetRectRgn
CombineRgn
InvertRgn
PatBlt
ExtTextOutA
GetTextExtentPointW
GetTextExtentPointA
SetBkMode
TextOutW
TextOutA
GetTextCharset
TranslateCharsetInfo
GetObjectA
LineTo
Rectangle
GetStockObject
CreateFontIndirectA
SetPixel
CreateCompatibleBitmap
GetTextMetricsA
SetROP2
MoveToEx
DeleteObject
GetNearestColor
CreateCompatibleDC
SelectObject
SetTextColor
SetBkColor
SetViewportOrgEx
SetWindowExtEx
SetViewportExtEx
PlayMetaFile
DeleteDC
CreateDiscardableBitmap
CreateSolidBrush
BitBlt
SetStretchBltMode
StretchBlt
CreateICA
GetDeviceCaps
CreatePalette
SaveDC
SetMapMode
SetWindowOrgEx
LPtoDP
RestoreDC
SetMetaFileBitsEx
CreateBitmap
SetDIBits
CreateDIBitmap
SelectPalette
RealizePalette
DeleteMetaFile
GetTextFaceA

user32

GetSystemMetrics
EnumWindows
RegisterClassA
UnregisterClassA
DrawFocusRect
GetAsyncKeyState
ValidateRect
EnumChildWindows
GetWindowDC
CopyRect
CreateDialogParamA
IsDialogMessageA
ScrollWindow
SetScrollRange
GetScrollPos
SetScrollPos
ReleaseCapture
GetClassNameA
EnumThreadWindows
DialogBoxParamA
OffsetRect
KillTimer
GetFocus
PeekMessageA
GetSysColorBrush
BeginPaint
EndPaint
ChildWindowFromPoint
GetMessagePos
MonitorFromPoint
GetMonitorInfoA
SetWindowPos
SetCursor
ClientToScreen
FrameRect
InflateRect
SetCapture
SetMessageQueue
GetMessageA
TranslateAcceleratorA
TranslateMessage
CallWindowProcA
PostMessageA
GetParent
GetClientRect
SetDlgItemTextA
GetWindowLongA
GetDlgItemTextA
GetWindowTextLengthA
IsWindowEnabled
EndDialog
SetWindowLongA
SetFocus
EnableWindow
IsClipboardFormatAvailable
GetDlgItem
SendDlgItemMessageA
CharNextA
CharPrevA
wsprintfA
WinHelpA
CharLowerA
GetSysColor
InvertRect
SetRect
GetActiveWindow
IsWindow
FillRect
SetTimer
ShowWindow
IsWindowVisible
GetWindowRect
SetActiveWindow
InvalidateRect
SendMessageA
SetForegroundWindow
IsIconic
FindWindowA
CreatePopupMenu
AppendMenuA
GetKeyState
DrawMenuBar
GetMenu
DeleteMenu
EnableMenuItem
CheckMenuItem
DestroyWindow
SetWindowTextA
VkKeyScanA
GetWindow
DispatchMessageA
CheckDlgButton
IsDlgButtonChecked
MoveWindow
DestroyMenu
InsertMenuA
CreateMenu
GetWindowTextA
CreateWindowExA
TrackPopupMenu
GetCursorPos
GetMenuItemCount
GetSubMenu
SetMenu
LoadMenuA
LoadStringA
CharUpperA
GetDesktopWindow
MessageBoxA
LoadBitmapA
PtInRect
ShowScrollBar
InvalidateRgn
UpdateWindow
ReleaseDC
GetDC
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
CharNextW
RegisterClassExA
LoadIconA
LoadImageA
IsRectEmpty
SetRectEmpty
SystemParametersInfoA
EqualRect
IsZoomed
RegisterWindowMessageA
SetProcessDefaultLayout
GetProcessDefaultLayout
LoadCursorA
LoadAcceleratorsA
PostQuitMessage
DefWindowProcA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

833a4cf18584ca4a2b178aecdf72d995

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

Sections

.text Size: 229KB - Virtual size: 228KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 44KB - Virtual size: 43KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 229KB - Virtual size: 228KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 44KB - Virtual size: 43KB

.UPX0
Size: 108KB - Virtual size: 260KB