c:\Documents and Settings\Don Fowler\My Documents\My Projects\SuperAdBlocker.com\Global Classes\upx\deupx\Release\deupx.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 5f956fe6a14ef3e51070e818d9ab0a5f_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 5f956fe6a14ef3e51070e818d9ab0a5f_JaffaCakes118.dll
  Resource: win10v2004-20240709-en
General
- Target: 5f956fe6a14ef3e51070e818d9ab0a5f_JaffaCakes118
- Size: 352KB
- MD5: 5f956fe6a14ef3e51070e818d9ab0a5f
- SHA1: 7a359861f898f7f124179e135f35a7bafbb3878c
- SHA256: 1dc702eb641be1956b6c79e851440ac2ac8963227653dada983c99d08717c5a4
- SHA512: 3fd084cef1511affe46bb1896470e28b75b514ae400b676ea30b87829227b4fe32e60e038a56a0c1d6dc7f9cb70a07348120e0ff9e14931a6739f0909d53528e
- SSDEEP: 6144:V+pytSHUychGs2mjmqX+SNJINbcKHCh/x65q7j:VYy0CPmqX/INIUCh/
Malware Config
Signatures
- Patched UPX-packed file (1 IoC)
  Sample is packed with UPX, but header fields that the unpacker needs have been zeroed out, so the stock UPX tool (upx -d) will not unpack it.
  resource: sample   yara_rule: patched_upx
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 5f956fe6a14ef3e51070e818d9ab0a5f_JaffaCakes118
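The "Patched UPX-packed file" signature above describes a cheap anti-unpacking trick: leave the UPX stub in place but blank the fields in UPX's own pack header that upx -d reads, so the stock tool gives up while the stub still unpacks the file at run time. The script below is an added example written for this page, not tria.ge's patched_upx rule and not code from the deupx project this DLL comes from. It hand-parses the PE section table, checks for UPX's UPX0/UPX1 layout by raw versus virtual size rather than by section name (names are trivially renamed), then locates every UPX! magic and parses the pack header to report which length fields are zeroed and whether the header checksum still verifies. The 32-byte Win32/PE PackHeader layout (magic, version, format, method, level, u_adler, c_adler, u_len, c_len, u_file_size, filter, filter_cto, n_mru, checksum) and the mod-251 checksum are my reading of UPX's packhead.cpp and are assumptions to confirm against the UPX release in hand; the PE images it builds are constructed inline, with illustrative field values. One caveat specific to this sample: the section table on this page (.text, .rdata, .data, .rsrc and .reloc, each with raw size close to virtual size), the deupx PDB path and the DecodeUPX/FreeUPXBuffer exports are what a UPX decoder library looks like, not what a UPX-packed file looks like, so a UPX-header hit here may come from UPX structures embedded in the decoder rather than from the DLL itself being packed. The fourth constructed sample shows how the script reports that situation.

```python
import struct

UPX_MAGIC = b"UPX!"
PACKHEADER_SIZE = 32                                             # Win32/PE PackHeader size (assumed)
REQUIRED_FIELDS = {"u_len": 16, "c_len": 20, "u_file_size": 24}  # size-field offsets (assumed)


def parse_sections(data):
    """Hand-rolled COFF section table parser, so no third-party PE library is needed."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table, sections = e_lfanew + 24 + opt_size, []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "virtual_size": vsize,
                         "virtual_address": va, "raw_size": rawsize, "raw_ptr": rawptr})
    return sections


def has_upx_layout(sections):
    """UPX's tell-tale layout, judged by sizes not names: section 1 (UPX0) has no raw data but a
    large virtual size the stub fills at run time; section 2 (UPX1) carries packed data and stub."""
    if len(sections) < 2:
        return False
    return (sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0
            and sections[1]["raw_size"] > 0)


def find_packheaders(data):
    """Every 'UPX!' occurrence parsed as a PackHeader, with the checks that decide unpackability.
    The last header byte holds sum(bytes 4..30) mod 251 (UPX packhead.cpp, assumed)."""
    found, pos = [], data.find(UPX_MAGIC)
    while pos != -1 and pos + PACKHEADER_SIZE <= len(data):
        hdr = data[pos:pos + PACKHEADER_SIZE]
        fields = {n: struct.unpack_from("<I", hdr, off)[0] for n, off in REQUIRED_FIELDS.items()}
        found.append({"offset": pos, "version": hdr[4], "format": hdr[5], "fields": fields,
                      "zeroed": [n for n, v in fields.items() if v == 0],
                      "checksum_ok": hdr[31] == sum(hdr[4:31]) % 251})
        pos = data.find(UPX_MAGIC, pos + 1)
    return found


VERDICT_NONE = "no UPX indicators"
VERDICT_INTACT = "intact UPX pack header"
VERDICT_STRIPPED = "UPX section layout but no UPX! magic (magic stripped)"
VERDICT_EMBEDDED = "UPX! header found but section table is not UPX's layout (embedded UPX data rather than a packed file?)"


def assess(data):
    """Classify a PE image from its section layout plus the state of any PackHeader."""
    layout, headers = has_upx_layout(parse_sections(data)), find_packheaders(data)
    if not headers:
        return VERDICT_STRIPPED if layout else VERDICT_NONE
    for h in headers:
        if h["zeroed"]:
            return "patched UPX header at 0x%x: zeroed %s%s" % (
                h["offset"], ",".join(h["zeroed"]), "" if h["checksum_ok"] else " (checksum stale)")
    if not layout:
        return VERDICT_EMBEDDED
    if not all(h["checksum_ok"] for h in headers):
        return "UPX pack header present but its checksum does not verify"
    return VERDICT_INTACT


def build_packheader(u_len, c_len, u_file_size, zero=()):
    """Constructed PackHeader with illustrative values; fields in `zero` are blanked after the
    checksum is written, which is what a naive hex-editor patch leaves behind."""
    hdr = bytearray(PACKHEADER_SIZE)
    hdr[:4], hdr[4:8] = UPX_MAGIC, bytes([13, 9, 2, 8])   # magic; version, format, method, level
    struct.pack_into("<5I", hdr, 8, 0x11111111, 0x22222222, u_len, c_len, u_file_size)
    hdr[28:31] = bytes([0x49, 0, 0])                        # filter, filter_cto, n_mru
    hdr[31] = sum(hdr[4:31]) % 251
    for n in zero:
        struct.pack_into("<I", hdr, REQUIRED_FIELDS[n], 0)
    return bytes(hdr)


def build_pe(specs):
    """Constructed PE32 image from [(name, virtual_size, raw_bytes)]; only fields read above matter."""
    raw_base = (0x40 + 24 + 0xE0 + 40 * len(specs) + 0x1FF) & ~0x1FF
    table, body, va = bytearray(), bytearray(), 0x1000
    for name, vsize, raw in specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va, len(raw),
                             raw_base + len(body) if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        va += (max(vsize, len(raw)) + 0xFFF) & ~0xFFF
    image = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", image, 0x3C, 0x40)
    image += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0xE0, 0x2102)
    image += b"\x0b\x01".ljust(0xE0, b"\0") + table          # PE32 optional header (magic only)
    return bytes(image + bytes(raw_base - len(image)) + body)


def upx_image(hdr):
    return build_pe([("UPX0", 0x30000, b""), ("UPX1", 0x13000, bytes(0x40) + hdr + bytes(0x100))])


GOOD_HDR = build_packheader(0x30000, 0x12000, 0x31000)
BAD_HDR = build_packheader(0x30000, 0x12000, 0x31000, zero=("u_len", "c_len", "u_file_size"))
SAMPLE_INTACT, SAMPLE_PATCHED = upx_image(GOOD_HDR), upx_image(BAD_HDR)
SAMPLE_PLAIN = build_pe([(".text", 0x1000, b"\x90" * 0x200), (".data", 0x1000, bytes(0x200))])
SAMPLE_EMBEDDED = build_pe([(".text", 0x1000, b"\x90" * 0x200),   # normal layout, like this page's DLL
                            (".rdata", 0x1000, bytes(0x20) + GOOD_HDR + bytes(0x1C0))])

if __name__ == "__main__":
    for image in (SAMPLE_INTACT, SAMPLE_PATCHED, SAMPLE_PLAIN, SAMPLE_EMBEDDED):
        print(assess(image))
```

Run it on a real file with assess(open(path, "rb").read()). A stripped magic and zeroed lengths are reported as distinct verdicts because the repair differs: the first needs only the four magic bytes restored, the second needs the lengths rebuilt before upx -d will cooperate, and in both cases the section-layout check is what tells you whether the file is worth unpacking at all.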
Files
- 5f956fe6a14ef3e51070e818d9ab0a5f_JaffaCakes118.dll  windows:4 windows x86 arch:x86
  e2798781a94e98d4a215ceb300f68b1a
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
c:\Documents and Settings\Don Fowler\My Documents\My Projects\SuperAdBlocker.com\Global Classes\upx\deupx\Release\deupx.pdb
Imports
kernel32
GetSystemTime
SetConsoleTextAttribute
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
WriteConsoleOutputA
GetConsoleCursorInfo
SetConsoleCursorInfo
GetConsoleMode
GetStdHandle
ScrollConsoleScreenBufferA
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
RtlUnwind
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
IsBadReadPtr
GetSystemTimeAsFileTime
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetStdHandle
GetFileType
GetModuleFileNameA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
WriteFile
FlushFileBuffers
CreateFileA
CloseHandle
VirtualProtect
GetSystemInfo
VirtualQuery
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
FindNextFileA
FindFirstFileA
FindClose
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
InterlockedExchange
LoadLibraryA
IsBadCodePtr
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
Exports
?DecodeUPX@@YA_NPAXKPAPAXPAK@Z  (undecorated: bool __cdecl DecodeUPX(void *, unsigned long, void **, unsigned long *))
?FreeUPXBuffer@@YAXPAX@Z  (undecorated: void __cdecl FreeUPXBuffer(void *))
?RegisterProcessWithUPXDecoder@@YA_NPAX@Z  (undecorated: bool __cdecl RegisterProcessWithUPXDecoder(void *))
Sections
- .text   Size: 204KB - Virtual size: 202KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata  Size: 112KB - Virtual size: 111KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data   Size: 8KB - Virtual size: 14KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc   Size: 4KB - Virtual size: 896B      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc  Size: 20KB - Virtual size: 17KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ