659c8f4ff6d75e6fe3e7eb10152f0cf4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

659c8f4ff6d75e6fe3e7eb10152f0cf4_JaffaCakes118
Size

81KB
MD5

659c8f4ff6d75e6fe3e7eb10152f0cf4
SHA1

68845d607e6917bdcdc209a5e93a50fc1340fe06
SHA256

27e8ad16876895b9b8c49c3a5676285a0ea69dd6e21b26648389fe63f87d08f3
SHA512

dbbbaaeeb34ed840d766aca60427f27ff671a45ca835aa9b3d0c753b5bb61e1834b68b6dd2842aec0765f847775e626870449ddd70e54660ef96fc3294b3620d
SSDEEP

1536:OvsDLXuCiO0oiASdA/+vWGk7dEE/429ZDFizkbVuc:OvYu5O0oiASdA/+vWTdR/429ZDkobVuc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
659c8f4ff6d75e6fe3e7eb10152f0cf4_JaffaCakes118

Files

659c8f4ff6d75e6fe3e7eb10152f0cf4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

d778ce3934fc6c0d6535e554a39a683b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetProcessHeap
lstrcatA
lstrlenA
lstrcpyA
GetSystemTime
GetLastError
GetCurrentProcess
GetVersionExA
FindClose
FindNextFileA
DeleteFileA
FindFirstFileA
SetCurrentDirectoryA
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
PeekNamedPipe
WriteFile
Sleep
TerminateThread
GetExitCodeProcess
CreateProcessA
GetEnvironmentVariableA
GetStartupInfoA
CloseHandle
CreatePipe
CreateThread
lstrcmpA
SetThreadPriority
CreateFileA
GetFileSize
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
lstrcmpiA
GetTempPathA
GetComputerNameA
GetSystemDirectoryA
GetTickCount
SetFilePointer
LoadLibraryA
GetModuleHandleA
CreateMutexA
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateProcess
OpenProcess
ExitProcess
FreeLibrary
GetProcAddress
GetTimeFormatA
GetDateFormatA
GetLocalTime
GetWindowsDirectoryA
MoveFileA
GetModuleFileNameA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
FileTimeToSystemTime
SystemTimeToFileTime
HeapReAlloc
HeapFree
HeapAlloc

advapi32

OpenProcessToken
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyA
RegEnumKeyExA
GetUserNameA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueA
AdjustTokenPrivileges

dnsapi

DnsQuery_A

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
SelectObject
BitBlt
DeleteDC
DeleteObject

ole32

CoTaskMemFree

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

user32

ExitWindowsEx
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
SetClipboardData
EmptyClipboard
GetWindowTextA
GetForegroundWindow
GetAsyncKeyState
MapVirtualKeyA
ToAsciiEx
wsprintfA
GetKeyNameTextA
CallNextHookEx
DispatchMessageA
TranslateMessage
GetMessageA
UnhookWindowsHookEx
SetWindowsHookExA
GetKeyboardState
IsCharAlphaNumericA
GetSystemMetrics
ReleaseDC
GetDC
GetDesktopWindow
MessageBoxA
GetKeyboardLayout

wininet

HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
InternetCheckConnectionA
InternetConnectA
HttpOpenRequestA

ws2_32

Exports

Exports

?KeyEvent@@YGJHIJ@Z
?MouseEvent@@YGJHIJ@Z

Sections

UPX0
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d778ce3934fc6c0d6535e554a39a683b

Headers

File Characteristics

Imports

kernel32

advapi32

dnsapi

gdi32

ole32

shell32

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 76KB - Virtual size: 76KB

UPX2 Size: 1024B - Virtual size: 4KB

.avp Size: 3KB - Virtual size: 4KB

UPX0
Size: 76KB - Virtual size: 76KB

UPX2
Size: 1024B - Virtual size: 4KB

.avp
Size: 3KB - Virtual size: 4KB