5d87120e80f5fe4a40afb33a77576bdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5d87120e80f5fe4a40afb33a77576bdb_JaffaCakes118
Size

317KB
MD5

5d87120e80f5fe4a40afb33a77576bdb
SHA1

c947b3c744b3b36ab0526a9fe6a9a6f64011a6da
SHA256

7173ef43144de0a8aaf9855af672893433bee807f047e0df9512e0d3398bffa5
SHA512

ac616735f67d3b914d73ab0bc5bf5e2c5a19d8df28f24dd10a037c9f047c192b4b07d414100dcfe22b871d43e6739fc2ac2209ab223f472d83ae9d641398b5ff
SSDEEP

6144:YDe7lKb4lMg/yO9hJIGbmlVXRXi4PrgbMw+U/:xVlMUJIG6rXRXrPrgbMU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d87120e80f5fe4a40afb33a77576bdb_JaffaCakes118

Files

5d87120e80f5fe4a40afb33a77576bdb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

441ae27e83ab37874d41564217733297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

icwconn1.pdb

Imports

msvcrt

swscanf
free
malloc
_vsnwprintf
_except_handler3
_wmakepath
_wsplitpath
??3@YAXPAX@Z
memmove
_wtoi
??2@YAPAXI@Z
setlocale

advapi32

RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegCloseKey

kernel32

GetLastError
GetModuleHandleW
CloseHandle
CreateFileW
GetFileAttributesW
lstrlenW
GetProcAddress
GlobalAlloc
CreateProcessW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetPrivateProfileIntW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
LocalFree
LocalAlloc
LoadLibraryA
FreeLibrary
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GlobalFree
SetErrorMode
GetCommandLineW
ExitProcess
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
MulDiv
GetCurrentProcess
GetVersionExW
TerminateProcess
GetExitCodeThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetSystemDirectoryW
lstrcatW
SearchPathW
GetPrivateProfileStringW
lstrcmpiW
lstrcpyW
lstrcpynW

gdi32

GetDeviceCaps
StretchBlt
BitBlt
SetTextColor
SetBkColor
GetTextMetricsW
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetStockObject
SetBkMode
DeleteObject
GetObjectW
CreateFontIndirectW

user32

GetClassInfoW
SendMessageW
CallWindowProcW
SetWindowLongW
MessageBoxW
wsprintfW
LoadStringW
TranslateAcceleratorW
GetWindowLongW
DispatchMessageW
TranslateMessage
DestroyWindow
GetMessageW
DialogBoxParamW
GetSysColor
GetDlgItem
MoveWindow
GetSystemMetrics
GetWindowRect
CheckRadioButton
EndDialog
IsDlgButtonChecked
GetDlgCtrlID
GetDC
WaitMessage
PeekMessageW
LoadStringA
LoadImageW
LoadAcceleratorsW
ReleaseDC
SetMessageQueue
BringWindowToTop
SetForegroundWindow
GetLastActivePopup
FindWindowW
PostMessageW
ShowWindow
GetParent
CharNextW
CharPrevW
SetWindowTextW
SetWindowPos
EnableWindow
MsgWaitForMultipleObjects
CheckDlgButton
GetWindowTextW
DefWindowProcW
FillRect
GetClientRect
GetSysColorBrush
LoadCursorW
SetCursor
ExitWindowsEx
SendDlgItemMessageW
UpdateWindow
MapWindowPoints
InvalidateRect
IsRectEmpty
GetUpdateRect
IsWindowVisible
EnumThreadWindows
GetFocus
SetFocus
IsWindowEnabled
GetWindow
EnumChildWindows
RegisterClassExW
CreateWindowExW
CreateDialogParamW
GetDesktopWindow
MessageBeep
IsChild
GetNextDlgTabItem
LoadIconW
PostQuitMessage
DrawFocusRect
InflateRect
OffsetRect
CopyRect
DrawTextW
RedrawWindow
EndPaint
DrawEdge
BeginPaint
DrawIcon
RegisterClassW
UnregisterClassW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathIsFileSpecW
PathIsURLW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

441ae27e83ab37874d41564217733297

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 143KB - Virtual size: 142KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 143KB - Virtual size: 142KB

.UPX0
Size: 108KB - Virtual size: 260KB