496a690dbe38a39252bf31d0d29eb5f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

496a690dbe38a39252bf31d0d29eb5f2_JaffaCakes118
Size

179KB
MD5

496a690dbe38a39252bf31d0d29eb5f2
SHA1

189a7ada669c52ab208841d2bf4d5ae183bc7e74
SHA256

572ec9a4421e82f9ee310c1250648c31f379196d247b7b88c41141f73d3c7f5e
SHA512

f9b537443b8366e2d57287dc98fb22e683a27fba4be9edc76ac21d348c562eca628b55a5ad426f9b737c886f579400edc82e5046fc05d4ece174911c73bfab40
SSDEEP

1536:xEScivyQxzWqLFQ0FIwvIiQovBFx/2zdimLvoCl2kJwjsML:xEScivJFFIulvRVmXlsL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
496a690dbe38a39252bf31d0d29eb5f2_JaffaCakes118

Files

496a690dbe38a39252bf31d0d29eb5f2_JaffaCakes118
.dll regsvr32 windows:5 windows x86 arch:x86

606d1db53dee38d4ebaac1f2adefe88f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Process32First
CreateToolhelp32Snapshot
OpenProcess
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
GetExitCodeThread
WaitForSingleObject
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateMutexA
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
SetFileAttributesA
CreateDirectoryA
CreateEventA
InitializeCriticalSection
ResetEvent
SetEvent
FreeLibrary
GetProcAddress
LoadLibraryA
GetDateFormatA
GetTimeFormatA
lstrlenA
IsBadWritePtr
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrcpynA
GetVersionExA
LocalReAlloc
GetFileAttributesA
Process32Next
DeviceIoControl
GetLastError
lstrcmpiA
TerminateThread
GetTickCount
GetCurrentThreadId
ExitThread
GetSystemTime
CreateThread
Sleep
GetSystemDirectoryA
ExpandEnvironmentStringsA
CreateProcessA
GetFileSize
ReadFile
CreateFileA
DeleteFileA
WriteFile
GetCurrentProcess
CloseHandle
GetVersion
GetPrivateProfileSectionNamesW
GetPrivateProfileStringW
GetPrivateProfileIntW
LocalFree
GetPrivateProfileIntA
GetPrivateProfileStringA
FindFirstFileA
FindNextFileA
FindClose
lstrcmpW
LocalAlloc
lstrcpyW
lstrcmpiW
lstrcpyA
lstrcmpA
lstrcatW
lstrcatA
GetVolumeInformationA
GetModuleHandleA
GetSystemTimeAsFileTime
HeapReAlloc
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringA
ReleaseMutex
WriteConsoleA
GetStdHandle
FlushFileBuffers
SetUnhandledExceptionFilter
TerminateProcess
GetLocalTime
VirtualQuery
lstrcpynW

advapi32

RegUnLoadKeyA
RegLoadKeyA
RegQueryValueExW
CryptDestroyHash
CryptGetHashParam
CryptHashData
RegEnumKeyExA
RegDeleteValueA
RegEnumValueA
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExA
RegFlushKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateSelf
DuplicateTokenEx
SetThreadToken
RevertToSelf
RegCreateKeyA
RegSetValueExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

imagehlp

SymCleanup
SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
SymInitialize

ntdll

strcspn
_fltused
isalpha
strcpy
strcat
strlen
memset
_chkstk
memcmp
isgraph
strcmp
_snprintf
wcsncpy
strstr
memcpy
atoi
_vsnprintf

ole32

StringFromIID
CoGetMalloc
CoTaskMemFree

shlwapi

PathFindExtensionA

user32

wsprintfA
wsprintfW

wininet

FindFirstUrlCacheEntryA
InternetReadFile
FindCloseUrlCache
FindNextUrlCacheEntryA
InternetCloseHandle
InternetOpenUrlA
InternetOpenA
FtpPutFileA
InternetConnectA

ws2_32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

606d1db53dee38d4ebaac1f2adefe88f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

imagehlp

ntdll

ole32

shlwapi

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 172KB - Virtual size: 172KB

.rsrc Size: 2KB - Virtual size: 4KB

.avp Size: 4KB - Virtual size: 4KB

UPX0
Size: 172KB - Virtual size: 172KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avp
Size: 4KB - Virtual size: 4KB