5f54d9d2f540ba0841b4f70ebda5c193_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f54d9d2f540ba0841b4f70ebda5c193_JaffaCakes118
Size

268KB
MD5

5f54d9d2f540ba0841b4f70ebda5c193
SHA1

12c17e14bf1c950a9a8fa3153d0952e9c39f03e2
SHA256

7e5a815c48272fa40b82e808f1e9d7cbc55743969c8363d7249193d53118a2dc
SHA512

f308c2b1b2424a6291b76db2c1e5207e4d964a10961c6422ad199fd4f0ece9f13847d3ec77c516919d1f12f38b41ae369bd43b21df90867cbf945b9926f448b9
SSDEEP

3072:9DHgWhF3rgNitK0Xs0X3xzHsSe45gfwUNB9D0uKfC1eJTIZkBoh1ERUhrlPmTIxI:JLYN2HXYLD0C/NpAT/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f54d9d2f540ba0841b4f70ebda5c193_JaffaCakes118

Files

5f54d9d2f540ba0841b4f70ebda5c193_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cf2e9759ec2efba16f0776951bfc76a0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

Sleep
WritePrivateProfileStringA
WriteFile
WinExec
WaitForSingleObject
VirtualQuery
VirtualAlloc
TerminateProcess
SetThreadPriority
SetFilePointer
SetFileAttributesA
SetEvent
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReadFile
OpenProcess
MultiByteToWideChar
MoveFileA
LoadLibraryA
LeaveCriticalSection
IsBadWritePtr
InitializeCriticalSection
GlobalUnlock
GlobalReAlloc
GlobalMemoryStatus
GlobalHandle
GlobalLock
GlobalFree
GlobalAlloc
GetWindowsDirectoryA
GetVersionExA
GetTickCount
GetThreadLocale
GetSystemInfo
GetSystemDirectoryA
GetStringTypeExA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetExitCodeThread
GetDriveTypeA
GetDiskFreeSpaceA
GetCurrentThreadId
GetCurrentProcessId
GetCommandLineA
GetCPInfo
GetACP
FreeLibrary
FormatMessageA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateProcessA
CreateFileA
CreateEventA
CopyFileA
CompareStringA
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
SetCurrentDirectoryA
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLastError
GetCurrentDirectoryA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
CreateDirectoryA
ExitProcess
ExitThread
CreateThread
WriteFile
UnhandledExceptionFilter
SetFilePointer
SetEndOfFile
RtlUnwind
ReadFile
RaiseException
GetStdHandle
GetFileSize
GetFileType
CreateFileA
CloseHandle

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegFlushKey
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

gdi32

SetTextColor
SetBkMode
SetBkColor
GetStockObject
DeleteObject
CreateSolidBrush

ole32

CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayRedim
SafeArrayCreate
VariantChangeTypeEx
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString
SysFreeString
SysReAllocStringLen
SysAllocStringLen

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

user32

UnregisterClassA
TranslateMessage
ShowWindow
SetWindowTextA
SetWindowPos
SetWindowLongA
SetPropA
SetForegroundWindow
SetFocus
SetCursor
SendMessageA
RemovePropA
RegisterWindowMessageA
RegisterClassA
PostQuitMessage
PostMessageA
PeekMessageA
OffsetRect
MsgWaitForMultipleObjects
MessageBoxA
LoadStringA
LoadIconA
LoadCursorA
IsZoomed
IsWindowVisible
IsWindowEnabled
IsWindow
IsIconic
InvalidateRect
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetSystemMetrics
GetSystemMenu
GetSysColor
GetPropA
GetParent
GetMessageA
GetKeyState
GetFocus
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
FindWindowA
FillRect
EnableMenuItem
DispatchMessageA
DestroyWindow
DestroyIcon
DestroyAcceleratorTable
DeleteMenu
DefWindowProcA
CreateWindowExA
CopyImage
ClientToScreen
CallWindowProcA
CharNextA
GetKeyboardType
LoadStringA
MessageBoxA
CharNextA

wsock32

WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
getservbyname
gethostbyname
socket
setsockopt
send
select
recv
ntohs
listen
ioctlsocket
inet_addr
htons
getsockopt
connect
closesocket
bind
accept

Sections

UPX0
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cf2e9759ec2efba16f0776951bfc76a0

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

shell32

user32

wsock32

Sections

UPX0 Size: 260KB - Virtual size: 260KB

.rsrc Size: 1KB - Virtual size: 4KB

.avp Size: 6KB - Virtual size: 8KB

UPX0
Size: 260KB - Virtual size: 260KB

.rsrc
Size: 1KB - Virtual size: 4KB

.avp
Size: 6KB - Virtual size: 8KB