71d32f0368dfbb75380a470d604a2a38_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71d32f0368dfbb75380a470d604a2a38_JaffaCakes118
Size

476KB
MD5

71d32f0368dfbb75380a470d604a2a38
SHA1

b26dbf861f4ef4d3b8f34eb64d5f19c6c6c2b58e
SHA256

5fe1741c9c597c2c17104e9fcb872c464119a355cb519954fe7cfe1e55933e0a
SHA512

49afa53677e34421816b5d329c7445c58cb913c89bc8a2fc63563a6675ca2121fe9c0feabfe2bb08706da9fbb0533bd8637f2aa3eda7e37bf794e9d9a739c877
SSDEEP

3072:CHzkQoRd6Qq2ZNKzCr2ql31EI2sLbD+RPgJBrI5iAg79x49xtbl3DwZuxL29Q0nj:H3Pt2I3LigJBrPCxtJzFcW0nlV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
71d32f0368dfbb75380a470d604a2a38_JaffaCakes118

Files

71d32f0368dfbb75380a470d604a2a38_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4e4306865eca88095e6fe728c2134d72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetTickCount
lstrcmpiA
GetCurrentThreadId
InitializeCriticalSection
GetCommandLineA
Sleep
ReleaseMutex
GetLastError
CreateMutexA
SetPriorityClass
GetCurrentProcess
DeleteCriticalSection
InterlockedIncrement
lstrlenA
lstrcatA
GetModuleFileNameA
MultiByteToWideChar
LeaveCriticalSection
EnterCriticalSection
GetShortPathNameA
GetModuleHandleA
FreeLibrary
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
LCMapStringA
GetStringTypeW
GetStringTypeA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
TerminateProcess
FlushFileBuffers
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetOEMCP
GetACP
InterlockedDecrement
lstrlenW
WideCharToMultiByte
WriteFile
SetFilePointer
GetCPInfo
CloseHandle
GetSystemDirectoryA
MulDiv
LocalAlloc
LocalFree
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetProcAddress
ExitProcess
GetVersion
GetStartupInfoA
RtlUnwind
HeapFree
HeapAlloc
LCMapStringW
lstrcpyA

user32

MessageBoxA
DestroyWindow
TranslateMessage
GetMessageA
DispatchMessageA
SetForegroundWindow
GetForegroundWindow
SetTimer
SetWindowLongA
CreateWindowExA
RegisterClassExA
LoadCursorA
UpdateWindow
ShowWindow
PostQuitMessage
DefWindowProcA
EndPaint
MoveWindow
GetDlgItem
CreateDialogParamA
KillTimer
CharNextA
EndDialog
GetSubMenu
GetCursorPos
TrackPopupMenu
DestroyMenu
LoadMenuA
ScreenToClient
PtInRect
SendMessageA
BeginPaint
GetClientRect
FillRect

gdi32

SelectObject
SetTextColor
SetBkColor
TextOutA
GetStockObject
DeleteObject
CreateFontIndirectA

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateFreeThreadedMarshaler
CoDisconnectObject
CoInitialize
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantInit
SafeArrayPutElement
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
RegisterTypeLi

comctl32

ord6

winmm

mixerGetNumDevs
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerClose
mixerGetDevCapsA

synthcorea

ord49
ord24
ord11
ord51
ord9
ord12
ord34
ord3
ord7
ord72
ord73
ord74
ord2
ord6
ord13
ord68
ord31
ord40
ord5
ord4
ord8
ord26
ord48
ord28
ord52
ord25
ord45
ord47
ord46
ord53
ord71
ord70
ord10
ord37
ord22
ord43
ord44
ord66
ord67
ord19
ord41
ord54
ord55
ord15
ord56
ord69
ord18
ord75
ord32
ord39
ord38
ord35
ord57
ord58
ord59
ord20
ord42
ord14
ord17
ord21
ord27
ord16
ord33
ord36
ord23
ord60
ord61
ord62
ord63
ord64
ord65
ord1
ord50
ord29

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4e4306865eca88095e6fe728c2134d72

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

winmm

synthcorea

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 85KB

.rsrc Size: 280KB - Virtual size: 279KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 85KB

.rsrc
Size: 280KB - Virtual size: 279KB

.UPX0
Size: 104KB - Virtual size: 252KB