5be67eabe1973a5c2ad2bb6be50710eb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5be67eabe1973a5c2ad2bb6be50710eb_JaffaCakes118
Size

218KB
MD5

5be67eabe1973a5c2ad2bb6be50710eb
SHA1

83faadb97674515bdef93075d45f2e0123dda211
SHA256

0ff0a55e55e2df80efca849f575bd515e40adceda3f07fb150d7d190250c3fc1
SHA512

f7f84f2d2af32a117a475fe3fdd328fc0747d87d360b420f23edfcb3d2ec963ab276a5dcc523db1b6641006d6f85eea7565a80a8dfe76962a4a4ef6a1e82d9f3
SSDEEP

3072:6SQQl8cKsiXHkT7ool/BreyZwhE8tqx6vOIdQiRyrETZSMuz6kL1xm9dY4K2pWQW:yipraE8tqxBIyrGSMoZG9dY4KEX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5be67eabe1973a5c2ad2bb6be50710eb_JaffaCakes118

Files

5be67eabe1973a5c2ad2bb6be50710eb_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e1128b1893b786a7c6e8c28c2e956047

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SPReview.pdb

Imports

advapi32

RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextW
RegQueryValueExW
EventUnregister
EventWrite
TraceMessage

kernel32

Sleep
HeapFree
HeapReAlloc
HeapAlloc
GetProcessHeap
lstrlenW
GetCurrentProcess
WideCharToMultiByte
GlobalFree
ReadFile
CreateFileW
GetWindowsDirectoryW
WaitForSingleObject
FreeLibrary
GetProcAddress
LoadLibraryW
CreateDirectoryW
MultiByteToWideChar
CreateMutexW
ReleaseMutex
SetEvent
InterlockedDecrement
OutputDebugStringA
GetUILanguageInfo
EnumUILanguagesW
GetProductInfo
GetVersionExW
SetLastError
FormatMessageW
WriteFile
SetEndOfFile
SetFilePointer
GetCommandLineW
GetEnvironmentVariableW
InterlockedExchange
HeapSize
HeapDestroy
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateEventW
InterlockedCompareExchange
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
MoveFileExW
CloseHandle
LocalFree
GetFullPathNameW
GetSystemWindowsDirectoryW
GetModuleFileNameW
GetFileAttributesW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
GetFileAttributesExW

user32

MessageBoxW
UnregisterClassA

msvcrt

_vscprintf
_ftol2
_cexit
??2@YAPAXI@Z
_exit
vsprintf_s
exit
_initterm
_amsg_exit
iswdigit
_wtoi
_XcptFilter
_controlfp
?terminate@@YAXXZ
malloc
free
vswprintf_s
_vscwprintf
_wcsicmp
wcstoul
_wcsnicmp
wcschr
memset
memmove_s
wcscspn
__wgetmainargs
wcsspn
calloc
??_V@YAXPAX@Z
__CxxFrameHandler3
??_U@YAPAXI@Z
_CxxThrowException
memcpy_s
_vsnwprintf
??3@YAXPAX@Z
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
wcsrchr
__setusermatherr
memcpy

shell32

SHFileOperationW

ole32

CoUninitialize
CoGetMalloc
CoCreateInstance
CoInitializeEx
CoInitializeSecurity

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathRemoveFileSpecW

spwizui

SPInstallSucceeded
SPInstallFailed

sperror

GetErrorDescription

sqmapi

SqmStartUpload
SqmIsWindowsOptedIn
SqmEndSession
SqmSet
SqmSetMachineId
SqmWriteSharedMachineId
SqmCreateNewId
SqmReadSharedMachineId
SqmSetString
SqmSetAppId
SqmSetEnabled
SqmGetSession
SqmAddToStreamV
SqmWaitForUploadComplete

winbrand

BrandingFormatString

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1128b1893b786a7c6e8c28c2e956047

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

shell32

ole32

version

shlwapi

spwizui

sperror

sqmapi

winbrand

Sections

.text Size: 94KB - Virtual size: 94KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 94KB - Virtual size: 94KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB

.UPX0
Size: 108KB - Virtual size: 260KB