628d07b711bc5e2d011ae7c45077942b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

628d07b711bc5e2d011ae7c45077942b_JaffaCakes118
Size

199KB
MD5

628d07b711bc5e2d011ae7c45077942b
SHA1

ef67bca37c3556fcb21199a3a19e4825076c5513
SHA256

2b64cd9514549dbd9aa262b34087fd7484b802d815ee9051f2e908a05073fff7
SHA512

ea8526870170657edfd24dfdd15915dd715cac0d4af77c341773f0313c40bf01138d296859abd14c2f67f52bc5ccf83dcb863dfc746f118d4f6b7f41d6077014
SSDEEP

3072:Hre2w9TpE0ILr+r4PfakWb8+k62UqzSUYIYDDC/KCRN0C34+TcvbmPxpXu5kAW:Hp0TSPyNp2ZYbwl4+TcexwO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628d07b711bc5e2d011ae7c45077942b_JaffaCakes118

Files

628d07b711bc5e2d011ae7c45077942b_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f4046f771dde381fa607cef3b3791ca6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mctadmin.pdb

Imports

advapi32

RegCloseKey
RegEnumValueW
RegQueryInfoKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
EventRegister
EventUnregister
EventWrite
RegEnumKeyExW
RegGetValueW

kernel32

GetUserGeoID
GetModuleHandleW
LocalFree
GetLastError
DeleteFileW
FormatMessageW
CompareStringOrdinal
GetLocaleInfoEx
GetGeoInfoW
CompareStringW
LocalAlloc
LoadLibraryW
GetPrivateProfileStringW
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
HeapSetInformation
RemoveDirectoryW
SetFileAttributesW
lstrlenW
GetPrivateProfileSectionNamesW
FreeLibrary
ReadFile
FlushFileBuffers
CloseHandle
CreateFileA
VirtualQuery
GetSystemInfo
VirtualProtect
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
EnumSystemLocalesEx
GetVersionExA
RaiseException
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
OutputDebugStringA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetWindowsDirectoryW

user32

LoadStringW
MessageBoxW

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

shell32

SHRemoveLocalizedName
SHGetKnownFolderPath
SHGetLocalizedName
SHFileOperationW
SHSetLocalizedName
ord165

shlwapi

SHDeleteEmptyKeyW
PathRemoveFileSpecW
SHStrDupW
SHDeleteKeyW

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f4046f771dde381fa607cef3b3791ca6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ole32

shell32

shlwapi

Sections

.text Size: 75KB - Virtual size: 75KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 75KB - Virtual size: 75KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB

.UPX0
Size: 108KB - Virtual size: 260KB