3e763fe95b33e9d8726005e72a09d2ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e763fe95b33e9d8726005e72a09d2ee_JaffaCakes118
Size

84KB
MD5

3e763fe95b33e9d8726005e72a09d2ee
SHA1

840f3acfcea12df1d250fd401c1cfc462655c589
SHA256

ba227864d7a196b42c114f0650a091bc0e16d4db3f85a6ee7e8ec838e1c5817c
SHA512

0674de6e227500ae7640ea518e82087f6521556996ba3139fd5a01abc91c47ed569d91c254d4178fe228d39901e7f0dd8174f32895f7e8c66d35970ad5ba0f3b
SSDEEP

1536:H57HCfy+I8/c4ccsQUpKwpOsTFUqJExVIcoXIKj5UeOOA:H5jCKz8U4vHuKmO24JoXIeUQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e763fe95b33e9d8726005e72a09d2ee_JaffaCakes118

Files

3e763fe95b33e9d8726005e72a09d2ee_JaffaCakes118
.exe windows:3 windows x86 arch:x86

0b0ee715ca8d6f44d3d3df4222b23d65

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfW
LoadStringW
DialogBoxParamW
EndDialog
SetDlgItemTextW
CloseWindowStation
GetProcessWindowStation
OpenWindowStationW
SetProcessWindowStation
GetDesktopWindow
GetWindowRect
GetClientRect
MapWindowPoints
SetWindowPos
OpenDesktopW
SetThreadDesktop
GetThreadDesktop
CloseDesktop
MsgWaitForMultipleObjects
PostThreadMessageW
wsprintfA

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
ReleaseMutex
DebugBreak
RaiseException
CreateFileW
GetWindowsDirectoryW
CreateMutexW
GetLocalTime
SetFilePointer
lstrcatA
lstrcpyA
lstrlenA
InterlockedCompareExchange
GetModuleHandleW
LocalFree
GetSystemInfo
CreateSemaphoreW
Sleep
ReleaseSemaphore
SetLastError
GetComputerNameW
GetCurrentThread
WideCharToMultiByte
GlobalFree
GlobalAlloc
GlobalMemoryStatusEx
ResetEvent
DuplicateHandle
CreateEventA
PostQueuedCompletionStatus
InterlockedExchangeAdd
QueryPerformanceFrequency
CreateIoCompletionPort
InterlockedExchange
FreeLibraryAndExitThread
GetQueuedCompletionStatus
SetThreadPriority
OutputDebugStringA
GetTickCount
lstrcmpA
lstrcmpiW
VirtualQueryEx
lstrcpynW
LockResource
LoadResource
FindResourceW
DeleteFileW
SetFileAttributesW
FindNextFileW
FindFirstFileW
CreateProcessW
ExpandEnvironmentStringsW
CreateDirectoryW
GetThreadContext
IsDebuggerPresent
GetModuleHandleA
FormatMessageW
GetFileAttributesW
GetLastError
GetVersionExA
FreeLibrary
lstrcatW
lstrcpyW
CreateEventW
WaitForSingleObject
CloseHandle
SetEvent
GetUserDefaultLCID
InterlockedDecrement
CompareStringW
lstrcmpW
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
GetVersionExW
VirtualAlloc

ole32

StringFromCLSID
CoGetMalloc
CoGetObjectContext
FreePropVariantArray
PropVariantClear
PropVariantCopy
CoUnmarshalInterface
IIDFromString
StringFromIID
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoRevertToSelf
CoImpersonateClient
CoMarshalInterface
CreateStreamOnHGlobal
CoGetInterceptorFromTypeInfo
CoCreateInstance
CoEnableCallCancellation
CoDisableCallCancellation
StringFromGUID2
CoGetObject
CoCreateGuid
CLSIDFromString
CoGetClassObject
CoSetProxyBlanket
CoCancelCall
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

advapi32

RegQueryInfoKeyW
SetThreadToken
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
RegisterServiceCtrlHandlerW
RegDeleteValueW
DeleteService
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
CreateServiceW
ChangeServiceConfig2W
CloseServiceHandle
ControlService
QueryServiceStatus
SetServiceStatus
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
MakeAbsoluteSD
MakeSelfRelativeSD
IsValidSecurityDescriptor
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetSecurityDescriptorLength
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegOpenKeyW
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
InitializeSecurityDescriptor
CheckTokenMembership
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegUnLoadKeyW
RegLoadKeyW
RegEnumValueW
RegCloseKey

rpcrt4

NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
NdrDllRegisterProxy
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
I_RpcBindingInqTransportType
NdrDllGetClassObject

version

VerQueryValueW

msvcrt

wcscpy
_onexit
__dllonexit
_initterm
_wstrdate
_wstrtime
_waccess
wcsrchr
__CxxFrameHandler
_vsnprintf
_beginthreadex
wcsncmp
_vsnwprintf
wcstoul
wcslen
malloc
_wcsicmp
wcscmp
_wcsnicmp
_itow
wcscat
free
iswctype
calloc
getenv

ntdll

RtlDelete
RtlSplay
RtlInitializeCriticalSectionAndSpinCount
RtlDeleteCriticalSection
RtlInitializeCriticalSection

cmutil

CmStrchrW
CmAtolW
IsFarEastNonOSR2Win95
CmStrCatAllocA
SzToWzWithAlloc
CmStrStrW

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 3KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX3
Size: 2KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b0ee715ca8d6f44d3d3df4222b23d65

Headers

File Characteristics

Imports

user32

kernel32

ole32

advapi32

rpcrt4

version

msvcrt

ntdll

cmutil

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 7KB

UPX0 Size: 3KB - Virtual size: 42KB

UPX1 Size: 1KB - Virtual size: 39KB

UPX2 Size: 1KB - Virtual size: 9KB

.rdata Size: 45KB - Virtual size: 209KB

UPX3 Size: 2KB - Virtual size: 38KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 4KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 7KB

UPX0
Size: 3KB - Virtual size: 42KB

UPX1
Size: 1KB - Virtual size: 39KB

UPX2
Size: 1KB - Virtual size: 9KB

.rdata
Size: 45KB - Virtual size: 209KB

UPX3
Size: 2KB - Virtual size: 38KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 4KB