5cc057557fb5e59481a70b82ce4324e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5cc057557fb5e59481a70b82ce4324e6_JaffaCakes118
Size

255KB
MD5

5cc057557fb5e59481a70b82ce4324e6
SHA1

b297ce51b67ebe4342fcd4d4d1558e4c494003d4
SHA256

990a50764004647ad49f6322e34098c3bb880dfac70b04a761f7237e2426e6a5
SHA512

259ca58fde3f045d018ba72d7679e982296a35c0404559ff12adf86e7f7164400415a395eada4f029e5f98b2be27a0157a9397e50e397b0d71db79bbcf6dbe8d
SSDEEP

6144:fvODg5gfzDVlVXgjFVJk+2DcILyeimiUgQ:3h5GpX6zmibQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5cc057557fb5e59481a70b82ce4324e6_JaffaCakes118

Files

5cc057557fb5e59481a70b82ce4324e6_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c0e20b21e1b9caef7857d64a3fdea474

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyW
IsTextUnicode
RegSetValueExW

kernel32

GetFileInformationByHandle
FindNLSString
GlobalAlloc
GlobalUnlock
GlobalLock
CreateFileMappingW
GetDateFormatW
GetLocalTime
LocalUnlock
MapViewOfFile
MultiByteToWideChar
UnmapViewOfFile
LocalReAlloc
GetACP
DeleteFileW
SetEndOfFile
LocalLock
FormatMessageW
WideCharToMultiByte
SetLastError
WriteFile
GetLastError
LocalSize
GetFullPathNameW
MulDiv
GetCommandLineW
HeapSetInformation
GetCurrentProcessId
FoldStringW
lstrcmpW
GetFileAttributesW
FindFirstFileW
FindClose
GetTimeFormatW
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
lstrlenW
GetLocaleInfoW
GlobalFree
lstrcmpiW
SetErrorMode
CreateFileW
ReadFile
CloseHandle
LocalAlloc
InterlockedDecrement
LocalFree
InterlockedIncrement
GetUserDefaultUILanguage
UnhandledExceptionFilter

gdi32

SelectObject
SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
SetAbortProc
StartDocW
StartPage
EndPage
AbortDoc
EndDoc
DeleteDC
TextOutW
GetTextExtentPoint32W
CreateDCW
GetTextFaceW
EnumFontsW
GetStockObject
GetObjectW
GetDeviceCaps
CreateFontIndirectW
DeleteObject

user32

GetClientRect
SetCursor
ReleaseDC
GetDC
DialogBoxParamW
SetActiveWindow
GetKeyboardLayout
PostQuitMessage
DefWindowProcW
GetForegroundWindow
IsIconic
DestroyWindow
MessageBeep
GetWindowPlacement
CharUpperW
RegisterClassExW
LoadImageW
LoadCursorW
SetWindowLongW
LoadAcceleratorsW
GetSystemMenu
SetWindowPlacement
CreateWindowExW
RegisterWindowMessageW
SetProcessDPIAware
SetScrollPos
ShowWindow
GetWindowLongW
PeekMessageW
EnableWindow
DrawTextExW
CreateDialogParamW
GetWindowTextW
MoveWindow
InvalidateRect
SendMessageW
CharNextW
CheckMenuItem
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
GetMenuState
EnableMenuItem
GetSubMenu
GetMenu
SetWinEventHook
GetMessageW
PostMessageW
MessageBoxW
GetFocus
WinHelpW
GetDlgCtrlID
EndDialog
GetWindowTextLengthW
LoadIconW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
UpdateWindow
UnhookWinEvent
ChildWindowFromPoint
GetDlgItemTextW
SetDlgItemTextW
SetFocus
SetWindowTextW
GetParent
LoadStringW
SendDlgItemMessageW
GetCursorPos
ScreenToClient

msvcrt

?terminate@@YAXXZ
_controlfp
_vsnwprintf
memset
_wtol
memcpy
iswctype
localtime
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_amsg_exit
_initterm
_acmdln
exit
time
__getmainargs
_ismbblead
_XcptFilter
_exit
_cexit
__setusermatherr

comdlg32

GetSaveFileNameW
FindTextW
ReplaceTextW
PageSetupDlgW
PrintDlgExW
GetOpenFileNameW
CommDlgExtendedError
ChooseFontW
GetFileTitleW

shell32

DragAcceptFiles
DragQueryFileW
DragFinish
SHCreateItemFromParsingName
ShellAboutW

winspool.drv

GetPrinterDriverW
ClosePrinter
OpenPrinterW

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

shlwapi

PathIsFileSpecW
SHStrDupW

comctl32

CreateStatusWindowW
ord345

oleaut32

SysAllocString
SysFreeString

ntdll

WinSqmAddToStream

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0e20b21e1b9caef7857d64a3fdea474

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

comdlg32

shell32

winspool.drv

ole32

shlwapi

comctl32

oleaut32

ntdll

Sections

.text Size: 36KB - Virtual size: 35KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 103KB - Virtual size: 102KB

.reloc Size: 3KB - Virtual size: 3KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 36KB - Virtual size: 35KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 103KB - Virtual size: 102KB

.reloc
Size: 3KB - Virtual size: 3KB

.UPX0
Size: 108KB - Virtual size: 260KB