46da6494b54fe1033397b8cf77280757_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

46da6494b54fe1033397b8cf77280757_JaffaCakes118
Size

231KB
MD5

46da6494b54fe1033397b8cf77280757
SHA1

e9f09483e268b5e90afe964e8ed1420bebdc738e
SHA256

fb632db0f3476921510d02f4bf046ef73719807394905ba008b89f107e602bde
SHA512

3b25b93520d8122ba3016b5dfe91f4ee8d8c93994f58b46b406a3cc532315a0a432c20870e154d257bd8f76a943f16b54355ca9e0dce9296bda8d62da418d13a
SSDEEP

6144:/WnVxgn9Gy0aQx23KLCWkq6B5FecoB8+:OVOQm3K2bqf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46da6494b54fe1033397b8cf77280757_JaffaCakes118

Files

46da6494b54fe1033397b8cf77280757_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

76f39489b27f2261b59e6a8a2d48c4c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
CreateFileA
GetLastError
FreeLibrary
OpenProcess
CloseHandle
WriteFile
GetProcessHeap
GetProcAddress
LoadLibraryA
GetVersionExA
SetLastError
HeapAlloc
GetDateFormatA
GetCurrentThread
lstrcmpiA
GetSystemDirectoryA
GetWindowsDirectoryA
GetTempFileNameA
GetTempPathA
MoveFileA
CopyFileA
GetFileSize
WaitForSingleObject
CreateProcessA
LoadLibraryExA
DeleteFileA
FileTimeToSystemTime
SystemTimeToFileTime
GetTimeFormatA
GetLocalTime
GetCurrentProcessId
Sleep
GetCurrentThreadId
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
InitializeCriticalSection
DisableThreadLibraryCalls
MultiByteToWideChar
GetShortPathNameA
lstrlenA
TerminateProcess
GetCurrentProcess
lstrlenW
TlsFree
TlsGetValue
GetSystemTime
RaiseException
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetEnvironmentVariableA
IsBadWritePtr
VirtualAlloc
IsBadReadPtr
HeapCreate
GetEnvironmentStringsW
VirtualFree
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetFileType
GetStdHandle
GetStartupInfoA
HeapSize
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
WideCharToMultiByte
LocalFree
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
ExitThread
GetTimeZoneInformation
HeapReAlloc
SetHandleCount
ExitProcess
GetCommandLineA
GetVersion
TlsAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
ReadFile
SetUnhandledExceptionFilter
SetFilePointer

advapi32

CryptHashData
CryptSignHashA
CryptCreateHash
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureA
OpenThreadToken
OpenProcessToken
CryptReleaseContext
AdjustTokenPrivileges
RegQueryInfoKeyA
LookupPrivilegeValueA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
CryptImportKey
RegSetValueExA
CryptAcquireContextA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

oleaut32

shell32

ShellExecuteA

user32

SetWindowPos
SetWindowTextA

wininet

InternetConnectA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetOpenA
HttpOpenRequestA
InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

76f39489b27f2261b59e6a8a2d48c4c6

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

shell32

user32

wininet

Exports

Exports

Sections

UPX0 Size: 224KB - Virtual size: 224KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 224KB - Virtual size: 224KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB