4bd4b4db039b3f0d6f313859f390de19_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bd4b4db039b3f0d6f313859f390de19_JaffaCakes118
Size

232KB
MD5

4bd4b4db039b3f0d6f313859f390de19
SHA1

98d3c0bc999395de5a9152c2bdace58d6e152028
SHA256

a3aa559f9e978f634526325c239ecc8afc8116cba98c42ced15b1ac2eb358020
SHA512

a96704091bdb6815d3189ac45855ffb5620a380d184690e9226c11f1fe631b898fad17e1c740939a2e2b2114d4d6eb1c2d91081ddeca19a55b9dede68331091d
SSDEEP

3072:Jwvi4RRZdyw6PpjeJKyL+tX1/tqTHwIECjKjdNR2rj7BxTm+gUHgVqfaakTbRNpd:sFEROK2+tX10WMj6+ggfazRNfYyzwW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bd4b4db039b3f0d6f313859f390de19_JaffaCakes118

Files

4bd4b4db039b3f0d6f313859f390de19_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1ec4d2a7f82d47b79984147bb730e918

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord324
ord6195
ord940
ord755
ord858
ord6168
ord5785
ord5871
ord470
ord4704
ord641
ord3087
ord3356
ord2637
ord3093
ord6193
ord5977
ord2578
ord6051
ord1768
ord4399
ord5286
ord3397
ord4418
ord3718
ord567
ord797
ord2110
ord5783
ord5237
ord2858
ord2567
ord4390
ord3569
ord609
ord6211
ord2634
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord4237
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord2084
ord4140
ord366
ord2070
ord4219
ord538
ord860
ord4401
ord1767
ord1569
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord4229
ord2859
ord3133
ord1165
ord537
ord922
ord823
ord2606
ord535
ord2910
ord5568
ord540
ord861
ord4155
ord289
ord613
ord800
ord3614
ord5782
ord2442
ord825
ord323
ord2397
ord640
ord5781
ord1633
ord3701
ord1634
ord3566
ord2406
ord3621
ord3568
ord3658

msvcrt

rand
qsort
_errno
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
time
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_except_handler3
srand
_initterm
_wtoi
wcscmp
_purecall
__CxxFrameHandler

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegSetValueExW
RegFlushKey
RegDeleteValueW

kernel32

lstrcpyW
GetStartupInfoW
GetModuleHandleA
lstrcmpiW
FindResourceW
LoadResource
LockResource
SetErrorMode
lstrlenW
FreeLibrary
LoadLibraryW
GetProcAddress
LoadLibraryA
WinExec

gdi32

CombineRgn
GetTextExtentPoint32W
GetTextMetricsW
GetDeviceCaps
CreateSolidBrush
UnrealizeObject
PatBlt
CreateFontW
SetLayout
SetPixel
GetPixel
BitBlt
CreateCompatibleBitmap
CreateRectRgn
SetRectRgn
CreateICW
CreateCompatibleDC

user32

MessageBeep
DdeGetLastError
IntersectRect
SystemParametersInfoW
GetSystemMetrics
GetDesktopWindow
UpdateWindow
GetMenu
EnableMenuItem
CheckMenuItem
FillRect
KillTimer
GetProcessDefaultLayout
SetTimer
InvalidateRect
LoadIconW
wsprintfW
EnableWindow
SendMessageW
GetParent
ClientToScreen
GetClientRect
SetRect
PostMessageW
DdeCreateDataHandle
DdeCreateStringHandleW
DdeFreeStringHandle
DdeGetData
DdeInitializeW
DdePostAdvise
DdeClientTransaction
DdeUninitialize
DdeNameService
DdeConnect
DdeDisconnect
DrawIcon
DrawTextW
GetWindowRect

shell32

ShellAboutW

winmm

waveOutGetNumDevs
sndPlaySoundW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1ec4d2a7f82d47b79984147bb730e918

Headers

DLL Characteristics

File Characteristics

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

shell32

winmm

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 74KB - Virtual size: 76KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 74KB - Virtual size: 76KB

.UPX0
Size: 108KB - Virtual size: 260KB