47928d5285cc0e09144a845fc51fc5ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

47928d5285cc0e09144a845fc51fc5ca_JaffaCakes118
Size

192KB
MD5

47928d5285cc0e09144a845fc51fc5ca
SHA1

396d7d512bf26c59512cadf60bd97a2fa2ce5561
SHA256

65581cd2357a4a1be8d8bb676176cab0cf8e87b6bc86ecdc7e5dc825ac6210ca
SHA512

881a12474bd80f4c4706c598a52f0b6dd3aac0641559d250e45d7919199c5218b7ce94bc4bcb9c468ad5853bfe7a67b37c2d50cafbe400bfc71f65e9ff4e8e31
SSDEEP

3072:EaZRLDfN5UM+673+TI+3ek6XVdKrhiGAd9ZoQk2kWVD8EdrFlYWm7jcB8U1v:Eo1DfN2MWh3DSdKkn96//WVD8crDvmny

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47928d5285cc0e09144a845fc51fc5ca_JaffaCakes118

Files

47928d5285cc0e09144a845fc51fc5ca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3eba27a98fcd98ce3e57738faba6ff78

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

atl

ord16
ord21
ord18
ord57
ord23
ord17
ord20
ord32
ord43
ord44
ord37

kernel32

CloseHandle
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreateThread
CreateEventW
SetEvent
Sleep
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
HeapFree
GetProcessHeap
GetLastError
GetExitCodeProcess
CreateProcessW
GetSystemDirectoryW
LocalFree
FormatMessageW
FlushInstructionCache
GetCurrentProcess
HeapAlloc
GetModuleHandleA
GetStartupInfoW
GetVersionExA
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
LoadLibraryA
SetFilePointer
RtlUnwind
SetStdHandle
WideCharToMultiByte
FlushFileBuffers

user32

GetWindowTextW
LoadStringW
SetThreadDesktop
OpenDesktopW
GetThreadDesktop
SetProcessWindowStation
OpenWindowStationW
GetUserObjectInformationW
GetProcessWindowStation
SetForegroundWindow
EnumThreadWindows
PostMessageW
DefWindowProcW
UnregisterClassW
SetWindowLongW
GetDesktopWindow
RegisterClassW
LoadIconW
MessageBoxW
UpdateWindow
SetDlgItemTextW
ShowWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetMessageW
DispatchMessageW
CharNextW
CreateWindowExW
DestroyWindow
PostQuitMessage
PostThreadMessageW

ntmsapi

CancelNtmsLibraryRequest
CancelNtmsOperatorRequest
OpenNtmsSessionW
SatisfyNtmsOperatorRequest
CloseNtmsSession

shell32

Shell_NotifyIconW

ole32

CoInitializeSecurity
CoInitializeEx
CoSuspendClassObjects
CoResumeClassObjects
CoUninitialize

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3eba27a98fcd98ce3e57738faba6ff78

Headers

DLL Characteristics

File Characteristics

Imports

atl

kernel32

user32

ntmsapi

shell32

ole32

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 6KB

.rsrc Size: 18KB - Virtual size: 17KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 6KB

.rsrc
Size: 18KB - Virtual size: 17KB

UPX0
Size: 144KB - Virtual size: 380KB