431c9b933a77df73fb2d6388783bcb6b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

431c9b933a77df73fb2d6388783bcb6b_JaffaCakes118
Size

240KB
MD5

431c9b933a77df73fb2d6388783bcb6b
SHA1

e13ef08d0db04eaf467353e754d12b0d613e8c1d
SHA256

6778a0a49f60f35632dc4ca4cbf44190effa83749a5129f7ffe6bb0a32688f68
SHA512

c7453bf4abf8306c822d778773235f13a928cf90d1fa739670ec061efa05f338457ee71bbb3b108740a1781397b00ded570fc690d8610c46010885278ecd7e8c
SSDEEP

3072:iXt067MznB+o4Ejm+Icl2jHFxJ+ifZZrZ13wdhXpILv9vEQrzE6hK8WpSEbLjOwD:hLnbVjmWlkXZtZ13wH5IVhKkEbLZx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
431c9b933a77df73fb2d6388783bcb6b_JaffaCakes118

Files

431c9b933a77df73fb2d6388783bcb6b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4c8b3e08bdc5374da61171b792bda807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_wcsdup
??3@YAXPAX@Z
exit
__wargv
__CxxFrameHandler
?terminate@@YAXXZ
_except_handler3
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_cexit
_XcptFilter
_exit
_c_exit
swprintf
_snwprintf
malloc
free
_putws
_vsnwprintf
fputws
wcslen
_purecall
_iob
_wtoi
_wfopen
fflush
fclose
puts
_ftol
_wcsicmp
??2@YAPAXI@Z
__argc
_wsetlocale

ntdll

NtQuerySystemInformation
NtSetSystemInformation
RtlUnicodeStringToInteger
RtlInitUnicodeString

user32

GetClientRect
EnableWindow
PostMessageW
SendMessageW
WinHelpW
GetSysColor
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
SetTimer
GetWindowRect
GetSystemMetrics
GetWindowLongW
SetWindowLongW
LoadIconW
ScreenToClient
GetSysColorBrush
IsIconic
GetSystemMenu
AppendMenuW
DrawIcon
OffsetRect
CharToOemW
LoadStringW
RedrawWindow

shell32

ShellAboutW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comdlg32

CommDlgExtendedError

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash

crypt32

CertFreeCertificateContext

imagehlp

ImageLoad
ImageDirectoryEntryToDataEx
ImageUnload

mfc42u

ord3087
ord496
ord1008
ord3695
ord4425
ord2046
ord4433
ord5284
ord4709
ord1143
ord3133
ord4294
ord2858
ord1165
ord4254
ord3312
ord2606
ord616
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord859
ord924
ord6137
ord414
ord713
ord3657
ord5817
ord6279
ord6278
ord2755
ord4124
ord942
ord538
ord4197
ord6655
ord1197
ord5855
ord861
ord860
ord268
ord537
ord922
ord1560
ord772
ord500
ord5602
ord5050
ord755
ord470
ord1569
ord1683
ord4667
ord4269
ord815
ord771
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord800
ord540
ord561
ord2520
ord1131
ord5156
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord795
ord609
ord693
ord4155
ord858
ord5155
ord6051
ord1768
ord5286
ord4831
ord3397
ord3716
ord818
ord567
ord2567
ord4390
ord3569
ord2574
ord4396
ord3365
ord3635
ord2294
ord5568
ord2910
ord4704
ord4970
ord6195
ord6139
ord5857
ord6874
ord536
ord801
ord535
ord940
ord941
ord541
ord2634
ord6330
ord2350
ord2293
ord641
ord3658
ord2371
ord3281
ord2877
ord5706
ord5679
ord3447
ord2507
ord355
ord1172
ord2078
ord6211
ord6667
ord6879
ord3693
ord765
ord4270
ord4370
ord4847
ord5276
ord3592
ord4229
ord324
ord1761
ord1196
ord1899
ord768
ord489
ord4253
ord5856

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

kernel32

GetCurrentDirectoryW
GlobalMemoryStatusEx
ResetEvent
CreateThread
GetSystemDirectoryW
SetEvent
CloseHandle
ExpandEnvironmentStringsW
Sleep
FreeConsole
GetModuleHandleW
MultiByteToWideChar
lstrcmpiA
CreateFileW
GetLastError
GetCurrentProcess
GetTimeFormatW
GetDateFormatW
GetLocalTime
WaitForSingleObject
SetCurrentDirectoryW
GetModuleHandleA
GetStartupInfoW
CreateEventW

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c8b3e08bdc5374da61171b792bda807

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

user32

shell32

version

comdlg32

wintrust

crypt32

imagehlp

mfc42u

advapi32

kernel32

Sections

.text Size: 67KB - Virtual size: 67KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 25KB - Virtual size: 25KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 67KB - Virtual size: 67KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 25KB - Virtual size: 25KB

UPX0
Size: 144KB - Virtual size: 380KB