65e0ef2a8631cbf6a4a61c942ce16569_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

65e0ef2a8631cbf6a4a61c942ce16569_JaffaCakes118
Size

160KB
MD5

65e0ef2a8631cbf6a4a61c942ce16569
SHA1

0788e38009d4a79f4471bb44c0a793a92769af30
SHA256

4ed7ef383e23c0761ef90ed02e6c3dc4eab1056cbef088ce51341742c0426c09
SHA512

b23c6fd51293b7f52c007ca8b160a9e04292e4b7143696ea9654c38276f15608f754c6d3ceb75fc6e8c2098291042ac7f202a00d56d865de133f38e37e4767f9
SSDEEP

3072:mMPXSAcL2eClGCNksd8LL/Wwv0NrI7GR4lcEcs8vnky9+lWBBkul1X:UAmr5LWtSGRIVOkjq7ll

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65e0ef2a8631cbf6a4a61c942ce16569_JaffaCakes118

Files

65e0ef2a8631cbf6a4a61c942ce16569_JaffaCakes118
.exe windows:6 windows x86 arch:x86

c9bca501dfd0bb06b7e7519a7fc6e9ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

replace.pdb

Imports

kernel32

GetCommandLineW
GetLastError
CopyFileW
HeapSetInformation
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcrt

_controlfp
__getmainargs
_cexit
_exit
_XcptFilter
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
exit
_except_handler4_common

ulib

?Initialize@PATH@@QAEEPBGE@Z
??0PATH@@QAE@XZ
??1PATH_ARGUMENT@@UAE@XZ
??1DSTRING@@UAE@XZ
?QueryFullPath@PATH@@QBEPAV1@XZ
?QueryPath@PATH@@QBEPAV1@XZ
?IsValueSet@ARGUMENT@@QAEEXZ
?Put@ARRAY@@UAEEPAVOBJECT@@@Z
?Initialize@FLAG_ARGUMENT@@QAEEPAVWSTRING@@@Z
?Initialize@PATH_ARGUMENT@@QAEEPADE@Z
?Initialize@WSTRING@@QAEEPBGK@Z
??0DSTRING@@QAE@XZ
??0PATH_ARGUMENT@@QAE@XZ
??0FLAG_ARGUMENT@@QAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
??0ARRAY@@QAE@XZ
?QueryString@WSTRING@@QBEPAV1@KK@Z
?SetAttributes@FSNODE@@QAEEKPAK@Z
?GotABreak@KEYBOARD@@SGEXZ
??0PROGRAM@@IAE@XZ
?DisplayMessage@PROGRAM@@UBAEKW4MESSAGE_TYPE@@PADZZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
?Initialize@ARRAY@@QAEEKK@Z
?Fatal@PROGRAM@@UBEXXZ
?GetStandardInput@PROGRAM@@UAEPAVSTREAM@@XZ
?HasWildCard@PATH@@QBEEXZ
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
?Usage@PROGRAM@@UBEXXZ
?ValidateVersion@PROGRAM@@UBEXKK@Z
?EnableBreakHandling@KEYBOARD@@SGEXZ
?Initialize@KEYBOARD@@QAEEEE@Z
??0KEYBOARD@@QAE@XZ
??1PATH@@UAE@XZ
?TruncateBase@PATH@@QAEEXZ
?Initialize@PATH@@QAEEPBV1@E@Z
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
??1FSN_FILTER@@UAE@XZ
?QueryFsnodeArray@FSN_DIRECTORY@@QBEPAVARRAY@@PAVFSN_FILTER@@@Z
?SetAttributes@FSN_FILTER@@QAEEKKK@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?Initialize@FSN_FILTER@@QAEEXZ
??0FSN_FILTER@@QAE@XZ
??_7OBJECT@@6B@
??1OBJECT@@UAE@XZ
?QueryWSTR@WSTRING@@QBEPAGKKPAGKE@Z
?UlibRealloc@@YGPAXPAXK@Z
?Initialize@PROGRAM@@QAEEKKK@Z
??1PROGRAM@@UAE@XZ
?AppendBase@PATH@@QAEEPBVWSTRING@@E@Z
??MTIMEINFO@@QBEEV0@@Z
?Traverse@FSN_DIRECTORY@@QBEEPAXPAVFSN_FILTER@@PAVPATH@@P6GE0PAVFSNODE@@2@Z@Z
?EnableLineMode@KEYBOARD@@QAEEXZ
?DisableLineMode@KEYBOARD@@QAEEXZ
?Initialize@CLASS_DESCRIPTOR@@QAEEXZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?QueryFile@SYSTEM@@SGPAVFSN_FILE@@PBVPATH@@EPAE@Z
?GetStandardOutput@PROGRAM@@UAEPAVSTREAM@@XZ
??0ARGUMENT_LEXEMIZER@@QAE@XZ
?Initialize@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?PutMultipleSwitch@ARGUMENT_LEXEMIZER@@QAEXPBVWSTRING@@@Z
?PutSwitches@ARGUMENT_LEXEMIZER@@QAEXPBVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?PutSeparators@ARGUMENT_LEXEMIZER@@QAEXPBD@Z
?PrepareToParse@ARGUMENT_LEXEMIZER@@QAEEPAVWSTRING@@@Z
?DoParsing@ARGUMENT_LEXEMIZER@@QAEEPAVARRAY@@@Z
?QueryInvalidArgument@ARGUMENT_LEXEMIZER@@QAEPAVWSTRING@@XZ
??1ARRAY@@UAE@XZ
??1ARGUMENT_LEXEMIZER@@UAE@XZ
?Initialize@WSTRING@@QAEEPBDK@Z
?Fatal@PROGRAM@@UBAXKKPADZZ

ntdll

RtlAllocateHeap
RtlFreeHeap

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 974B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c9bca501dfd0bb06b7e7519a7fc6e9ba

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ulib

ntdll

Sections

.text Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 974B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 974B

UPX0
Size: 144KB - Virtual size: 380KB