3a17a4beba52f5601acb9dfd46b73fb4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3a17a4beba52f5601acb9dfd46b73fb4_JaffaCakes118
Size

545KB
MD5

3a17a4beba52f5601acb9dfd46b73fb4
SHA1

fd4386e6e9c33e784fe278c212cbaf97034709ea
SHA256

36ed07d8aedcf049a92a19477713b9551936745025fbd5fdda41848d08cf2bbc
SHA512

f8a63283404f65a1d18f2223dad48ee440d92cb11e9cfab71e3fb9f135982799d589b6e90268858e7dc69b927fc2a56d0144d2a3f86548fa3d49ebd2f80710ce
SSDEEP

12288:j+nqkWmboXt6mstjnofQGCJeT/EMu2kv/zXlWUSxD2/:j+nqDt6sffUeT1Wwm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a17a4beba52f5601acb9dfd46b73fb4_JaffaCakes118

Files

3a17a4beba52f5601acb9dfd46b73fb4_JaffaCakes118
.exe windows:6 windows x86 arch:x86

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

PrintFilterPipelineSvc.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueExW
RegEnumKeyExW
MapGenericMask
AccessCheck
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetThreadToken
OpenThreadToken

kernel32

InterlockedIncrement
InterlockedDecrement
LoadLibraryW
GetProcAddress
GetModuleHandleW
lstrcmpiW
FreeLibrary
LoadLibraryExW
Sleep
OutputDebugStringW
OutputDebugStringA
IsDebuggerPresent
CreateThread
CreateEventW
GetCurrentThreadId
SetEvent
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
GetModuleFileNameW
RtlCaptureStackBackTrace
HeapSetInformation
DeleteTimerQueueEx
RegisterWaitForSingleObject
UnregisterWaitEx
AddVectoredExceptionHandler
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetLastError
FlushFileBuffers
ReadFile
WriteFile
WaitForMultipleObjects
DebugBreak
SetFilePointerEx
CreateFileW
SetFilePointer
SetEndOfFile
GetFileAttributesW
GetSystemDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateSemaphoreW
QueueUserWorkItem
ResetEvent
ReleaseSemaphore
ExitProcess
GetCurrentThread
LocalFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
WideCharToMultiByte
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
CloseHandle
InitializeCriticalSectionAndSpinCount
CreateTimerQueue

user32

DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassA
PostThreadMessageW
CharNextW

msvcrt

_callnewh
??1exception@@UAE@XZ
??0exception@@QAE@XZ
memset
_purecall
__CxxFrameHandler3
wcsncpy_s
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memcpy_s
free
malloc
_vsnwprintf
_vsnprintf
??1type_info@@UAE@XZ
_except_handler4_common
realloc
_errno
_unlock
__dllonexit
_lock
_onexit
_controlfp
_wcsicmp
wcstoul
??0exception@@QAE@ABQBD@Z
memcpy
memmove_s
??0bad_cast@@QAE@ABV0@@Z
??1bad_cast@@UAE@XZ
memchr
localeconv
strcspn
sprintf_s
_strtoi64
_strtoui64
__crtLCMapStringA
__pctype_func
isupper
___lc_codepage_func
___lc_handle_func
___mb_cur_max_func
setlocale
__crtGetStringTypeW
__crtLCMapStringW
__mb_cur_max
islower
tolower
isspace
abort
isdigit
isalnum
__uncaught_exception
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_ftol2
?terminate@@YAXXZ

oleaut32

SysFreeString
VarUI4FromStr
SysAllocStringLen
GetErrorInfo
VariantCopy
VariantClear
VariantInit
SysAllocString
SetErrorInfo

ole32

CoRevertToSelf
CoInitializeEx
CoImpersonateClient
CoSuspendClassObjects
CoTaskMemAlloc
CoCreateGuid
StringFromGUID2
CoGetObjectContext
IIDFromString
CreateStreamOnHGlobal
CoUninitialize
CoResumeClassObjects
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoTaskMemRealloc
CoRevokeClassObject

winspool.drv

SetJobW
EndDocPrinter
GetPrinterDriverDirectoryW
GetPrinterDataW
OpenPrinterW
GetPrinterW
StartDocPrinterW
EndPagePrinter
StartPagePrinter
ReadPrinter
DocumentPropertiesW
SeekPrinter
WritePrinter
ClosePrinter

ntdll

EtwEventWrite
RtlReportException
EtwEventEnabled
EtwEventUnregister
EtwEventRegister
EtwTraceMessage

prntvpt

ord9
ord4
ord2

xpssvcs

CreateReachPackageReceiver
CreateReachPackageSender

Sections

.text
Size: 394KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9b83a950634532cae60695d5c1377442

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

oleaut32

ole32

winspool.drv

ntdll

prntvpt

xpssvcs

Sections

.text Size: 394KB - Virtual size: 393KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 35KB - Virtual size: 34KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 394KB - Virtual size: 393KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 35KB - Virtual size: 34KB

.UPX0
Size: 108KB - Virtual size: 260KB