4bdf1594290545a91d2edd5d4d25b4d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bdf1594290545a91d2edd5d4d25b4d1_JaffaCakes118
Size

318KB
MD5

4bdf1594290545a91d2edd5d4d25b4d1
SHA1

719c0d2a7e3ed7c938416b3e7424397908495321
SHA256

00df5333a50bc1446dd14e8872caf3c667e307dd0f1e034c872e2ea473a3ec86
SHA512

3a0d9a6900668e3b0465c12b04d5871957827ab489c2c5cb05006b7211a42ebf24d19198ec8fb0b3cd7707b425c5f4305d5f9ee4d89ba38387d24e649113e293
SSDEEP

6144:+NlRubEROCWKq99UF5hvv/gKq99UF5hvv/r8anhtE7yKdhUT:+0QnoQnAanMJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bdf1594290545a91d2edd5d4d25b4d1_JaffaCakes118

Files

4bdf1594290545a91d2edd5d4d25b4d1_JaffaCakes118
.exe windows:6 windows x86 arch:x86

73f4b9675888dd4f4df3fcd9cbc3bdcc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

cleanmgr.pdb

Imports

advapi32

RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegEnumKeyW
OpenProcessToken

kernel32

SetErrorMode
GetCommandLineW
GetVolumeNameForVolumeMountPointW
FreeLibrary
LoadLibraryExW
LocalAlloc
WideCharToMultiByte
MulDiv
SetEvent
GetDiskFreeSpaceW
GetStartupInfoA
CreateThread
Sleep
GetLastError
FormatMessageW
InterlockedIncrement
InterlockedDecrement
GetWindowsDirectoryW
GetModuleHandleW
CloseHandle
HeapSetInformation
CreateEventW
WaitForSingleObject
GetDiskFreeSpaceExW
GetModuleFileNameW
HeapAlloc
GetProcessHeap
GetCurrentProcess
GetVolumeInformationW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
HeapFree
InterlockedExchange
CheckElevationEnabled
lstrlenW
LocalFree
GetTickCount
GetDriveTypeW

gdi32

CreateFontIndirectW
ExtTextOutW
GetTextExtentPoint32W
SetBkColor
SetBkMode
DeleteObject
SetTextColor
GetLayout

user32

SetFocus
DrawIconEx
GetWindowLongW
SetWindowLongW
EnableWindow
SetDlgItemTextW
MessageBoxW
ShowWindow
DialogBoxParamW
DrawFocusRect
GetSystemMetrics
DestroyIcon
PostMessageW
LoadIconW
CreateDialogParamW
DestroyWindow
IsDialogMessageW
GetClientRect
EndDialog
GetDlgItem
SendMessageW
LoadStringW
SendDlgItemMessageW
GetDC
ReleaseDC
GetSysColor
TranslateMessage
DispatchMessageW
PeekMessageW
GetWindowTextW
SetForegroundWindow
EnumWindows

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
_wcsicmp
_vsnwprintf
memset
toupper
__set_app_type

ntdll

WinSqmAddToStream
NtQueryInformationToken
RtlNtStatusToDosError

ole32

CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

VariantInit
SysStringLen
VariantClear

shlwapi

SHDeleteKeyW
StrFormatByteSizeW
PathStripToRootW
ord271
StrCmpW
StrCmpNW
StrStrIW
ord487
StrToIntW

comctl32

CreatePropertySheetPageW
PropertySheetW
ImageList_Create
ImageList_ReplaceIcon
ord17
ord345

shell32

ShellExecuteW
SHGetFileInfoW
ord680
ShellExecuteExW
ExtractIconExW

uxtheme

CloseThemeData
IsThemeActive
OpenThemeData
GetThemeFont
GetThemeColor

vssapi

VssFreeSnapshotPropertiesInternal
CreateVssBackupComponentsInternal

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

73f4b9675888dd4f4df3fcd9cbc3bdcc

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

ntdll

ole32

oleaut32

shlwapi

comctl32

shell32

uxtheme

vssapi

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 992B

.rsrc Size: 144KB - Virtual size: 144KB

.reloc Size: 2KB - Virtual size: 1KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 992B

.rsrc
Size: 144KB - Virtual size: 144KB

.reloc
Size: 2KB - Virtual size: 1KB

UPX0
Size: 144KB - Virtual size: 380KB