72845ecc582f7d72b8690b54dae185d1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72845ecc582f7d72b8690b54dae185d1_JaffaCakes118
Size

1.2MB
MD5

72845ecc582f7d72b8690b54dae185d1
SHA1

ab6595bb99981d8fea2975e88d0c0a4d8056438d
SHA256

288953a7da5c087e737a7d97007a3b3250efc9119f446c6c5390db129deb8f1c
SHA512

76c016cfcf34ca9fe98b368008dbe960f5b95eba037bcee09c06609100ca999629e589a7c364633b7156978b3ed657fa483f1b08ffd66fe7cc26f5e2444b8d85
SSDEEP

6144:Ixy+EtiDCb1H3shZTRMokuMFnHqBXMBE4No/x:UnmCxMjuMFn6Wxqx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
72845ecc582f7d72b8690b54dae185d1_JaffaCakes118

Files

72845ecc582f7d72b8690b54dae185d1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

284d76ffdfc66d907638abd4630cefb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

ord202
EnumPrinterDriversA
ord201
ClosePrinter
DocumentPropertiesA
OpenPrinterA
EnumPrintersA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
RaiseException
HeapAlloc
HeapFree
TerminateProcess
HeapReAlloc
GetCurrentProcess
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetErrorMode
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
InterlockedExchange
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
lstrcpynA
MulDiv
SetLastError
LocalFree
Sleep
CloseHandle
GlobalAlloc
lstrcmpA
GetCurrentThread
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GlobalLock
GlobalUnlock
GlobalFree
LockResource
FindResourceA
GetModuleFileNameA
FindResourceExA
LoadResource
InterlockedDecrement
lstrlenA
GetUserDefaultLCID
GetSystemDirectoryA
GetWindowsDirectoryA
LoadLibraryA
GetProcAddress
GetVersionExA
GetComputerNameA
GetTimeFormatA
GetDateFormatA
GetACP
GetLastError
WriteProfileStringA
GetProfileStringA
HeapSize

user32

SetWindowTextA
ShowWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
SetCursor
GetCursorPos
ValidateRect
TranslateMessage
GetMessageA
ClientToScreen
GetDC
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
LoadIconA
PostMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
PeekMessageA
DispatchMessageA
GetFocus
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
IsDialogMessageA
GetTopWindow
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetKeyState
UnregisterClassA
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetParent
GetWindowLongA
GetDlgItem
IsWindowEnabled
SendMessageA
LoadImageA
SendMessageTimeoutA
GetWindowThreadProcessId
MessageBoxA
IsWindowVisible
EnableWindow
GetPropA
DefWindowProcA

gdi32

GetObjectA
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
StretchBlt
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
EndPage
EndDoc
StartPage
StartDocA
GetTextMetricsA
CreateFontIndirectA
GetTextExtentPoint32A
GetTextFaceA
CreateCompatibleDC
CreateDCA
SetTextAlign
GetDeviceCaps

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

oleaut32

VariantClear
SysAllocString
SysFreeString

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 972KB - Virtual size: 971KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

284d76ffdfc66d907638abd4630cefb9

Headers

File Characteristics

Imports

winspool.drv

version

kernel32

user32

gdi32

advapi32

comctl32

oleaut32

Sections

.text Size: 116KB - Virtual size: 112KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 23KB

.rsrc Size: 972KB - Virtual size: 971KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 116KB - Virtual size: 112KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 972KB - Virtual size: 971KB

.UPX0
Size: 104KB - Virtual size: 252KB