5ce13559ca94d47076ad2c3ffa2c6c69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ce13559ca94d47076ad2c3ffa2c6c69_JaffaCakes118
Size

161KB
MD5

5ce13559ca94d47076ad2c3ffa2c6c69
SHA1

1f2b8ee0ad684deba83f3064414db20ad206a310
SHA256

89001af2f5b80f9e884565310abfe15f231cc6d0896db18e6e9f71893f5e1e95
SHA512

2451359eccf5005a979bd9f237fba7294347be2815a62a02ab3c3cb4ee2fde36df4633592eedef796ad9188b9ad92282b1766458a1eea5c94e08d1a7bec5cc0a
SSDEEP

3072:OBXHYkZXf06Jiz1AQ84bqrbNcnVsVGJHqIe4UgE9DlDKqVHgX7kzLUcnb3wXnB67:OJ4yX864zWrbNAV2GAIe/ZleGHgLkzLv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ce13559ca94d47076ad2c3ffa2c6c69_JaffaCakes118

Files

5ce13559ca94d47076ad2c3ffa2c6c69_JaffaCakes118
.exe windows:6 windows x86 arch:x86

08ec297aa1d8b074c91ef990b2c791ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

convert.pdb

Imports

ulib

?Initialize@PROGRAM@@QAEEKKK@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?QueryWindowsErrorMessage@SYSTEM@@SGEKPAVWSTRING@@@Z
??0PROGRAM@@IAE@XZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?QueryCurrentDosDriveName@SYSTEM@@SGEPAVWSTRING@@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
??0STRING_ARGUMENT@@QAE@XZ
??1OBJECT@@UAE@XZ
??0DSTRING@@QAE@XZ
?QuerySystemDirectory@SYSTEM@@SGPAVPATH@@XZ
?AnalyzePath@PATH@@QAE?AW4PATH_ANALYZE_CODE@@PAVWSTRING@@PAV1@0@Z
?IsGuidVolName@PATH@@QAEEXZ
??0ARRAY@@QAE@XZ
??0PATH@@QAE@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@WSTRING@@QAEEPBGK@Z
?AppendBase@PATH@@QAEEPBVWSTRING@@E@Z
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?ValidateVersion@PROGRAM@@UBEXKK@Z
?Usage@PROGRAM@@UBEXXZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?Fatal@PROGRAM@@UBEXXZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
??0FLAG_ARGUMENT@@QAE@XZ
?Initialize@ARRAY@@QAEEKK@Z
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?Initialize@STRING_ARGUMENT@@QAEEPAD@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAD@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
??1STRING_ARGUMENT@@UAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
??1ARRAY@@UAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
?QueryLibraryEntryPoint@SYSTEM@@SGP6GHXZPBVWSTRING@@0PAPAX@Z
?QueryDriveType@SYSTEM@@SG?AW4DRIVE_TYPE@@PBVWSTRING@@@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
?QueryVolumeLabel@SYSTEM@@SGPAVWSTRING@@PAVPATH@@PAU_VOL_SERIAL_NUMBER@@@Z
?Strcat@WSTRING@@QAEEPBV1@@Z
?FreeLibraryHandle@SYSTEM@@SGXPAX@Z
?Compare@OBJECT@@UBEJPBV1@@Z
??1DSTRING@@UAE@XZ
??1PATH@@UAE@XZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??1PROGRAM@@UAE@XZ

ifsutil

?DeleteEntry@AUTOREG@@SGEPBVWSTRING@@0@Z
?IsArcSystemPartition@IFS_SYSTEM@@SGEPBVWSTRING@@PAE@Z
?QueryFileSystemName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@PAJ1@Z
?GenerateLabelNotification@SUPERAREA@@SGJPBVWSTRING@@PAV2@PAU_FILE_FS_SIZE_INFORMATION@@PAU_FILE_FS_VOLUME_INFORMATION@@@Z
?DosDriveNameToNtDriveName@IFS_SYSTEM@@SGEPBVWSTRING@@PAV2@@Z
?AddEntry@AUTOREG@@SGEPBVWSTRING@@@Z

ntdll

NtTerminateProcess
RtlFreeHeap
RtlAllocateHeap
RtlUnhandledExceptionFilter

scecli

SceConfigureConvertedFileSecurity

osuninst

IsUninstallImageValid
RemoveUninstallImage

kernel32

GetModuleHandleA
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapSetInformation
SetErrorMode
CompareStringW
GetLastError
SetUnhandledExceptionFilter

msvcrt

_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
_wcsupr
_wcsicmp

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

08ec297aa1d8b074c91ef990b2c791ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ulib

ifsutil

ntdll

scecli

osuninst

kernel32

msvcrt

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 896B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 910B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 896B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 910B

UPX0
Size: 144KB - Virtual size: 380KB