6a0a6a5478a5e4fb3d31d373db4f8255_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a0a6a5478a5e4fb3d31d373db4f8255_JaffaCakes118
Size

1.3MB
MD5

6a0a6a5478a5e4fb3d31d373db4f8255
SHA1

e1deb912d23c23afa498d7c57b0e26cf378b50f6
SHA256

9f6edbb8fc163e18504287f630ae0ac0709c34839ea93d70b5a04e75a44638ca
SHA512

9583c975d95f06a2de1a354ed0ba3e50db54075c51f38853761cc214ffb77f963783ba7857a77e8d0c0ac10990530d99679fb0ec766a2f572337fc252e287af4
SSDEEP

6144:Rz+Wm4XVfvaD1j3rkUbEPgkqCR4qoOfbZZTRatNZ5sdnx:Rz+WmGxvaD1n3EPRzfTReZKdx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a0a6a5478a5e4fb3d31d373db4f8255_JaffaCakes118

Files

6a0a6a5478a5e4fb3d31d373db4f8255_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bb10de97b5e5f670a2d66258e1452470

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
FreeEnvironmentStringsW
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetFileType
FreeEnvironmentStringsA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
UnhandledExceptionFilter
GetStdHandle
SetHandleCount
GetACP
GetTimeZoneInformation
HeapReAlloc
HeapSize
HeapFree
TerminateProcess
ExitProcess
HeapAlloc
RaiseException
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetStringTypeW
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
lstrcpyA
GlobalFree
LockResource
FindResourceA
LoadResource
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalUnlock
MulDiv
GetProcAddress
SetLastError
GetModuleHandleA
CreateProcessA
GetLastError
FormatMessageA
LocalFree
WaitForSingleObject
GetFileTime
GetTickCount
GetFileSize
GetFileAttributesA
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
GetVolumeInformationA
GetProfileStringA
GetFullPathNameA
FindFirstFileA
FindClose
UnlockFile
SetEndOfFile
SetFilePointer
LockFile
FlushFileBuffers
CreateFileA
WriteFile
ReadFile
SetErrorMode
GetCurrentProcess
DuplicateHandle
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
TlsGetValue
GlobalReAlloc
LocalReAlloc
TlsSetValue
TlsAlloc
TlsFree
GlobalHandle
SizeofResource
LocalAlloc
GetProcessVersion
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcpynA
InitializeCriticalSection
GlobalFlags
lstrcatA
GetThreadLocale
GetVersion
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
LoadLibraryA
FreeLibrary
GetModuleFileNameA
CloseHandle
SetEnvironmentVariableA
GlobalAlloc
GetCurrentDirectoryA

user32

PostThreadMessageA
CopyAcceleratorTableA
InflateRect
GetSysColorBrush
LoadStringA
GetClassNameA
DestroyMenu
GetDesktopWindow
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
MapWindowPoints
AdjustWindowRectEx
GetTopWindow
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
RegisterClipboardFormatA
DefWindowProcA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
MapDialogRect
GetWindow
GetNextDlgGroupItem
GetMenuCheckMarkDimensions
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
TranslateMessage
GetKeyState
CallNextHookEx
ValidateRect
PeekMessageA
SetWindowsHookExA
GetLastActivePopup
MessageBoxA
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetWindowLongA
GetDlgItem
IsWindowEnabled
EndPaint
BeginPaint
GetWindowDC
CopyRect
SetRect
SetWindowPos
TrackMouseEvent
UpdateWindow
GetActiveWindow
IsChild
IsWindowVisible
EqualRect
CreateWindowExA
SetFocus
GetWindowTextA
DestroyWindow
GetDC
ReleaseDC
FillRect
IsWindow
CharUpperA
MessageBeep
GetWindowTextLengthA
SetWindowContextHelpId
GrayStringA
DrawTextA
TabbedTextOutA
InvalidateRect
GetCursorPos
ScreenToClient
GetCapture
SetCapture
GetMessageA
ClientToScreen
DispatchMessageA
ReleaseCapture
GetDlgCtrlID
GetParent
GetSysColor
EnableWindow
LoadCursorA
SetCursor
PostQuitMessage
GetWindowRect
OffsetRect
PtInRect
PostMessageA
IsIconic
GetClientRect
DrawIcon
SendMessageA
GetSystemMetrics
LoadIconA
LoadBitmapA
RemovePropA
CallWindowProcA
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode

gdi32

SetTextColor
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
GetObjectA
GetViewportExtEx
GetWindowExtEx
GetDeviceCaps
CreateBitmap
PatBlt
GetBkColor
GetMapMode
GetTextColor
DPtoLP
LPtoDP
ScaleViewportExtEx
SetViewportExtEx
GetTextExtentPointA
SetViewportOrgEx
SetMapMode
OffsetViewportOrgEx
RestoreDC
SetBkColor
DeleteDC
SaveDC
GetTextMetricsA
DeleteObject
Escape
SelectObject
SetBkMode
TextOutA
RectVisible
ExtTextOutA
PtVisible
CreateSolidBrush
CreatePen
CreateFontIndirectA
GetStockObject
GetClipBox
CreateCompatibleDC
BitBlt
CreateDIBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ord17

oledlg

ord8

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
OleFlushClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
CoTaskMemFree
StgCreateDocfileOnILockBytes

olepro32

ord253

oleaut32

SysStringLen
SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
SysAllocString

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1000KB - Virtual size: 998KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bb10de97b5e5f670a2d66258e1452470

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 40KB - Virtual size: 37KB

.data Size: 12KB - Virtual size: 26KB

.rsrc Size: 1000KB - Virtual size: 998KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 12KB - Virtual size: 26KB

.rsrc
Size: 1000KB - Virtual size: 998KB

.UPX0
Size: 104KB - Virtual size: 252KB