5ecb2f563aa73a8629f0ca3f132d9120_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ecb2f563aa73a8629f0ca3f132d9120_JaffaCakes118
Size

829KB
MD5

5ecb2f563aa73a8629f0ca3f132d9120
SHA1

c11daf66de4c3789659f5317997b7fdbcc15a5e5
SHA256

e1d90156ecdbda9288ccf3973d85f8ba50e2084c2214e7351f1d19196fb81806
SHA512

6a410f9c59a9d0bb35783cca3b6428cb43efb7a42228bacf6d4159c7ac43cb0b88434eeab691a101f80297c814bd1f8751efded377bcc76609d79d645003ef94
SSDEEP

6144:vFM9vjGCI3UiuuequoyPooUmTv7QGVevsodGdPJnmvH26h:vWlGhY/oyQoUedxnU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ecb2f563aa73a8629f0ca3f132d9120_JaffaCakes118

Files

5ecb2f563aa73a8629f0ca3f132d9120_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7bd8ef9990e220d4cf6fd1370c600d7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsA
WriteFile
ReadFile
SetFilePointer
CreateFileA
CopyFileA
WinExec
GetDateFormatA
CreateProcessA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
GetTickCount
LocalFree
FormatMessageA
GetComputerNameA
GetVersionExA
GetModuleHandleA
Process32Next
Module32First
Process32First
CreateToolhelp32Snapshot
GetLocalTime
GetFileSize
GetVersion
SetFileTime
GetFileTime
SearchPathA
GetCurrentProcess
HeapAlloc
GetProcessHeap
HeapFree
GetDriveTypeA
GetModuleFileNameA
DisconnectNamedPipe
TerminateProcess
TerminateThread
WaitForMultipleObjects
DuplicateHandle
CreatePipe
PeekNamedPipe
FindClose
FindNextFileA
FileTimeToSystemTime
GlobalFree
FindFirstFileA
SetCurrentDirectoryA
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetSystemDefaultLangID
GlobalMemoryStatus
GetDiskFreeSpaceExA
GetLogicalDriveStringsA
FreeLibrary
GetProcAddress
LoadLibraryA
Module32Next
SetPriorityClass
ResumeThread
SuspendThread
Thread32Next
OpenThread
Thread32First
Beep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
TryEnterCriticalSection
OutputDebugStringA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
ReleaseSemaphore
GetTimeFormatA
CreateSemaphoreA
SetThreadContext
FlushInstructionCache
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetWindowsDirectoryA
GetCommandLineA
CreateMutexA
GetStdHandle
AllocConsole
LocalAlloc
SetConsoleTextAttribute
FillConsoleOutputAttribute
SetConsoleCursorPosition
SetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetConsoleTitleA
GetCurrentProcessId
OpenProcess
GetLastError
CloseHandle
RaiseException
InterlockedExchange
GetStartupInfoA
GetCurrentDirectoryA
ExitProcess
Sleep
CreateThread
ExitThread
FileTimeToLocalFileTime
WaitForSingleObject

gdi32

SetBkColor
SetTextColor
CreateSolidBrush
GetDIBColorTable
BitBlt
SelectObject
CreateDIBSection
DeleteDC
CreateCompatibleDC
GetDeviceCaps
CreateDCA
GetStockObject
CreateFontA
DeleteObject

iphlpapi

GetIfTable
GetUdpTable
GetTcpTable
GetAdaptersInfo
GetIfEntry

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_open_osfhandle
_fdopen
_iob
setvbuf
__p___argv
__p___argc
??3@YAXPAX@Z
sprintf
isxdigit
strncmp
sscanf
fgets
free
system
rename
time
fseek
??2@YAPAXI@Z
fread
_vsnprintf
fwrite
fflush
_ftol
rand
srand
printf
gets
isdigit
_except_handler3
malloc
atol
__p__fmode
__set_app_type
_controlfp
_strcmpi
_getche
_kbhit
_strupr
_stricmp
strtok
strstr
atoi
__p__commode
strncat
strrchr
toupper
fopen
fprintf
fclose
strncpy
strchr
_snprintf

rasapi32

RasGetEntryDialParamsA
RasGetEntryPropertiesA
RasEnumEntriesA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

StrStrIA

user32

BlockInput
OemToCharA
CharToOemA
keybd_event
MapVirtualKeyA
MessageBoxA
OpenClipboard
GetWindowThreadProcessId
GetWindowTextA
GetClipboardData
SwitchToThisWindow
SetForegroundWindow
DestroyWindow
CloseWindow
GetWindowModuleFileNameA
SetClipboardData
ShowWindow
SetFocus
CloseClipboard
BringWindowToTop
SetActiveWindow
GetForegroundWindow
SendMessageA
SetWindowTextA
FindWindowA
EnumWindows
ExitWindowsEx
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
CreateWindowExA
GetSystemMetrics
RegisterClassExA
PostQuitMessage
DefWindowProcA
CallWindowProcA
SetWindowLongA
GetClientRect
SetCursorPos
EnableWindow
SetWindowsHookExA
GetCursorPos
GetDesktopWindow
UnregisterClassA
UnhookWindowsHookEx
CallNextHookEx
GetKeyboardLayout
GetKeyboardState
GetKeyNameTextA
ToAsciiEx
GetWindowTextLengthA

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

winmm

mciSendCommandA

ws2_32

WSAIoctl

Sections

UPX0
Size: 820KB - Virtual size: 820KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7bd8ef9990e220d4cf6fd1370c600d7d

Headers

File Characteristics

Imports

kernel32

gdi32

iphlpapi

msvcrt

rasapi32

shell32

shlwapi

user32

wininet

winmm

ws2_32

Sections

UPX0 Size: 820KB - Virtual size: 820KB

.rsrc Size: 2KB - Virtual size: 4KB

.avc Size: 6KB - Virtual size: 8KB

UPX0
Size: 820KB - Virtual size: 820KB

.rsrc
Size: 2KB - Virtual size: 4KB

.avc
Size: 6KB - Virtual size: 8KB