3a083643ede71876f6763a9c936bd535_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a083643ede71876f6763a9c936bd535_JaffaCakes118
Size

116KB
MD5

3a083643ede71876f6763a9c936bd535
SHA1

4ea49ca4c6040c4ee87350e89d4c71de90580a12
SHA256

83fd74faed83e3a4034f522a208ed44cc4710fb820ce17b443b90ed4186e572a
SHA512

3f3e946c08629a39671f3b1353b29812b991391da3f2355ac23d5e7ac7f44e4c1a350a2fe9534574b5a36fe932441ce57107b2f79bb423147fdb8c5ddb7c3eed
SSDEEP

1536:iYQziD+a4xeeSinRAT+MnRI2wSWIwKJq3nCBFBT6hG5d+KZy+k227WShfjggdq:iYbe5RAacRIcQdhbKZzr27jf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a083643ede71876f6763a9c936bd535_JaffaCakes118

Files

3a083643ede71876f6763a9c936bd535_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d093cc972e78a56ffdd19b3307f29b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
lstrcpyA
HeapAlloc
GetProcessHeap
lstrcmpiA
lstrcmpA
lstrcatA
lstrcpynA
GlobalFree
HeapFree
CreateThread
Sleep
ExitThread
InterlockedDecrement
InterlockedIncrement
DeleteFileA
GlobalAlloc
GetFileSize
CreateFileA
GetModuleFileNameA
GetTempFileNameA
GetTempPathA
ReadFile
GetEnvironmentVariableA
GetWindowsDirectoryA
FindClose
LoadLibraryA
FindFirstFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetDriveTypeA
GetSystemDirectoryA
SetThreadPriority
GetCurrentThread
SetFilePointer
WriteFile
GetSystemTime
WinExec
GetLastError
TerminateThread
ExitProcess
CreateMutexA
GetVersionExA
GlobalMemoryStatus
Module32First
TerminateProcess
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GetStartupInfoA
GetProcAddress
WideCharToMultiByte
lstrlenA
CreateProcessA
WaitForSingleObject
CloseHandle
GetTickCount
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
GetTimeZoneInformation

user32

wsprintfA
wvsprintfA
CharUpperBuffA
CharUpperA
CharLowerA

advapi32

RegCreateKeyExA
RegSetValueExA
RegEnumKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegOpenKeyA

shell32

ShellExecuteA

ws2_32

WSAStartup
WSACleanup
connect
inet_addr
gethostbyname
sendto
socket
htons
select
recv
ntohs
closesocket
send

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

msvcrt

??2@YAPAXI@Z
__CxxFrameHandler
rand
srand
strlen
??3@YAXPAX@Z
_purecall
free
malloc
exit
_ftol
strstr
fread
fclose
ftell
fseek
fopen
fwrite
fprintf
sprintf
strncat
strcmp
__dllonexit
_onexit
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
strtok
toupper
__mb_cur_max
_isctype
_pctype
memcpy
tolower
memset
_vsnprintf
fgets

msvcp60

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9d093cc972e78a56ffdd19b3307f29b4

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

wininet

msvcrt

msvcp60

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 24KB - Virtual size: 24KB

UPX2 Size: 20KB - Virtual size: 16KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 24KB - Virtual size: 24KB

UPX2
Size: 20KB - Virtual size: 16KB