444a58c093938412dc6328401edf34d7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

444a58c093938412dc6328401edf34d7_JaffaCakes118
Size

231KB
MD5

444a58c093938412dc6328401edf34d7
SHA1

a09972b5e8d0183ff9f5c236ecd026c4b646d88d
SHA256

158bb910b00cb1c153948d956dde8b5b9ba74f5db69fd6506f8d518136d073c3
SHA512

a00ce85c5c7d1be46c556eed1ee4cc73dfaed9ca8fa0374d68a074d0b1927aa26b806b35a74c0c174a2eaaa40a9ff3f2de7b48fd2857fc9458db3f128915d62b
SSDEEP

6144:JlAwZGx2/bvx+1GPAuHtILio7G9Bgedk9p:JlASvOCHxoC9Tk9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
444a58c093938412dc6328401edf34d7_JaffaCakes118

Files

444a58c093938412dc6328401edf34d7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ae2e48364d2d43027decf437012b9a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

smlogsvc.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegSetValueExW
SetServiceStatus
RegEnumKeyExW
QueryTraceW
CreateProcessAsUserW
UpdateTraceW
DeregisterEventSource
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StopTraceW
EnableTrace
StartTraceW
WmiNotificationRegistrationW

kernel32

FormatMessageW
LoadLibraryW
lstrcpyW
HeapFree
lstrlenW
HeapAlloc
GetProcessHeap
CloseHandle
GetLastError
CreateFileW
SetErrorMode
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
lstrcmpiW
CreateDirectoryW
GetFullPathNameW
lstrcpynW
CreateProcessW
SetEvent
CreateThread
CreateEventW
GetSystemTimeAsFileTime
DeleteCriticalSection
WaitForMultipleObjects
ResetEvent
Sleep
InitializeCriticalSection
FreeLibrary
lstrcatW
SetLastError
SetThreadPriority
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
WideCharToMultiByte
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualProtect
GetSystemInfo
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetModuleHandleW

user32

LoadStringW

ntdll

NtWaitForSingleObject
NtWaitForMultipleObjects

netapi32

NetMessageBufferSend

shlwapi

ord439

pdh

PdhPlaGetLogFileNameW
PdhPlaGetInfoW
PdhiPlaRunAs
PdhSetDefaultRealTimeDataSource
PdhAddCounterW
PdhAdd009CounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhOpenQueryH
PdhGetLogFileSize
PdhCloseLog
PdhUpdateLogW
PdhOpenLogW
PdhExpandWildCardPathW
PdhParseCounterPathW
PdhTranslateLocaleCounterW
PdhiPlaFormatBlanksW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ae2e48364d2d43027decf437012b9a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ntdll

netapi32

shlwapi

pdh

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 18KB - Virtual size: 17KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 18KB - Virtual size: 17KB

UPX0
Size: 144KB - Virtual size: 380KB