40b6d027c68fb2b6be2e1a58d2c5a76f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40b6d027c68fb2b6be2e1a58d2c5a76f_JaffaCakes118
Size

136KB
MD5

40b6d027c68fb2b6be2e1a58d2c5a76f
SHA1

cc6c1362f175d33b0149a895581c7dad46d43bbf
SHA256

150b21fbcd4cfed0f6a82339b72c4be213d80c884a0d230f0ea5d28bdef1c1e8
SHA512

282b149ec5cca4a61711ba38a1fefbbfedff9281d0e1cf79d7f94162a9f8dc89ba9bbd13bfe53d9bad484e71c5effc1edf40c3f2bb8cb2e73bad6e34cf3015c7
SSDEEP

3072:KvHJCjMM78wywOhPmecbHi6a4n+vX2UJUGlmEM8Txa0p+8pdmc:KvMYRw0PmPbH17nIGUyGAEMk02+8pdmc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b6d027c68fb2b6be2e1a58d2c5a76f_JaffaCakes118

Files

40b6d027c68fb2b6be2e1a58d2c5a76f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

4b8aa723ccfc5b2fba6ed3d8f3557de3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ATBroker.pdb

Imports

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
RegLoadMUIStringW

msvcrt

wcsrchr
_ltow_s
_wtoi
_wcslwr_s
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
memmove_s
memset
free
wcscspn
malloc
_onexit
_lock
__dllonexit
_unlock
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
??3@YAXPAX@Z
wcsspn
memcpy_s

ntdll

WinSqmIsOptedIn
WinSqmAddToStream

shell32

ShellExecuteW

kernel32

GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
Sleep
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RaiseException
lstrlenW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
IsProcessInJob
GetLastError
ExpandEnvironmentStringsW
ProcessIdToSessionId
DeleteFileW
GetFileAttributesW

user32

SystemParametersInfoW
SendMessageTimeoutW
UnregisterClassA
SendInput
GetKeyState

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4b8aa723ccfc5b2fba6ed3d8f3557de3

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

msvcrt

ntdll

shell32

kernel32

user32

Sections

.text Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.UPX0
Size: 108KB - Virtual size: 260KB