428dba180f5a69b9b678609748c8327c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

428dba180f5a69b9b678609748c8327c_JaffaCakes118
Size

183KB
MD5

428dba180f5a69b9b678609748c8327c
SHA1

60526135a532f512e3b5a81b4ad485ad51eacd57
SHA256

418d680b877786ad10410c5c1c8af0a311d3481ba5e34a5d404e9134c4431d28
SHA512

cc6e71d7bab7c5b68aedef06acfcbaea730e3f0b8cae545d95d3fe6881203c7c3b77a377038b808be4c3b8c080f9d618b39eaee091c2a10693f778ade6920365
SSDEEP

3072:6j8Tj0OmTmGrSYAc4rADm8n/oiYuoGvo9rIfZRDKuCQ4BNy2BNfD7Fmyvzp:6jm0OmjSY5tnQXIo9rIDDKuF4B02TbMI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
428dba180f5a69b9b678609748c8327c_JaffaCakes118

Files

428dba180f5a69b9b678609748c8327c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8ff474cd4f7e5b92fe47ce64c26d1404

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Desktop\Desktop\branches\13.0.16\bin\Win32\Release\bdmconlite.pdb

Imports

bdguictl

?bdMessageBox@@YAHPAVCWnd@@PB_W1I1@Z
?SetPasswordForPC@@YA_NPAUPARENTAL_PASSWORD_CONFIG@@@Z
ord3
ord2
ord1
??0CCoolControlManager@@QAE@XZ
?OnResetStoredObjects@CBDDialog@@MAEXXZ
?OnInitSkin@CBDDialog@@MAEXXZ
?OnSkinChange@CBDDialog@@MAEXK@Z
?Create@CBDDialog@@UAEHIPAVCWnd@@KPB_W@Z
?DefWindowProcW@CBDDialog@@MAEJIIJ@Z
?PreSubclassWindow@CBDDialog@@MAEXXZ
?GetRuntimeClass@CBDDialog@@UBEPAUCRuntimeClass@@XZ
?SetHelp@CBDBaseCtrl@@QAEXPB_W0@Z
?GetCaptionCtrl@CBDDialog@@QAEPAVCBDCaptionCtrl@@XZ
?SetTitle@CBDCaptionCtrl@@QAEXPB_WH@Z
?SetSkin@CBDBaseCtrl@@QAEIPB_W@Z
?OnInitDialog@CBDDialog@@MAEHXZ
?GetThisMessageMap@CBDDialog@@KGPBUAFX_MSGMAP@@XZ
??0CBDButton@@QAE@XZ
??0CBDStatic@@QAE@XZ
??0CBDDialog@@QAE@HPAVCWnd@@K@Z
?GetInstance@?$SingletonTemplate@VCBDGDIManager@@@@SAPAVCBDGDIManager@@XZ
??1CBDButton@@UAE@XZ
??1CBDStatic@@UAE@XZ
??1CBDDialog@@UAE@XZ
?SetGDIManager@CBDBaseCtrl@@QAEXPAVCBDGDIManager@@@Z
?InstallHook@CCoolControlManager@@QAEXHKH@Z
?Init@CBDGDIManager@@QAE_NPB_W@Z
??1CCoolControlManager@@UAE@XZ

npcomm

?releaseEndpoint@NpcPipeEndpoint@@SAXPAV1@@Z
?getNewEndpoint@NpcPipeEndpoint@@SAPAV1@XZ

productinfo

?ReplaceVariables@CProductInfo@@QAEPB_WPA_WI@Z
?GetInstance@CProductInfo@@SAPAV1@XZ

mfc90u

ord2702
ord5851
ord280
ord5939
ord5632
ord4631
ord5167
ord5324
ord1810
ord1809
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord5602
ord5512
ord6800
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord6376
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord3140
ord4910
ord4682
ord2364
ord1114
ord2597
ord6065
ord2904
ord4543
ord1675
ord1174
ord6579
ord4443
ord1938
ord2695
ord6703
ord2479
ord5979
ord4490
ord6687
ord267
ord803
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord2447
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord2208
ord1098
ord4211
ord1137
ord1272
ord801
ord1254
ord1599
ord935
ord794
ord589
ord4043
ord1314
ord938
ord286
ord2537
ord813
ord1248
ord811
ord600
ord296
ord1250

msvcr90

__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_encode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
?terminate@@YAXXZ
__p__fmode
memset
_exit
_cexit
__wgetmainargs
__CxxFrameHandler3
_amsg_exit
memcpy_s
memmove_s
wcsrchr
wcsncpy_s
strncpy_s
sprintf
free
memcpy

kernel32

GetModuleHandleW
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetProcessHeap
ReleaseSemaphore
InterlockedExchange
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetCurrentThreadId
OutputDebugStringW
FindResourceW
LoadResource
LockResource
SizeofResource
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
GetModuleFileNameW
Sleep
GetVersionExW
DeleteCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
CreateSemaphoreW
GetCurrentProcess
HeapFree
GetTickCount
MultiByteToWideChar
lstrlenA
FindResourceExW
CreateEventW
CreateThread
OpenEventW
SetEvent
WaitForSingleObject

user32

IsIconic
ShowWindow
SetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SystemParametersInfoW
GetForegroundWindow
InvalidateRect
EnableWindow
PostMessageW
SetWindowTextW
SetParent
GetDesktopWindow
GetWindowRect
SetWindowPos

shell32

SHGetSpecialFolderPathW

comctl32

InitCommonControlsEx

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8ff474cd4f7e5b92fe47ce64c26d1404

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bdguictl

npcomm

productinfo

mfc90u

msvcr90

kernel32

user32

shell32

comctl32

Sections

.text Size: 21KB - Virtual size: 20KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 3KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 21KB - Virtual size: 20KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 3KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB