74d5fcf843799f1b8156a80603d9e99c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

74d5fcf843799f1b8156a80603d9e99c_JaffaCakes118
Size

679KB
MD5

74d5fcf843799f1b8156a80603d9e99c
SHA1

1b2c5551e0519125578c3b4981f264f07e296c23
SHA256

7f9a3a27df8e467fbb099fe09ce435234a81bbb947f60955f12f347727a48902
SHA512

a2fd0a657accb832b40d6d25be377818a4c3d9211a6cfcaafe14bdc2fd9c4ead42796f65864019b420c98fd6336dcdee5a89d5413e1c145339f2e8c16f486669
SSDEEP

12288:95yTYQn9y8RVmotGfyaQeomndAARNQaacdD1ISen6UO1hZKtGs:gLfasadNNXacdDte6UeZSG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
74d5fcf843799f1b8156a80603d9e99c_JaffaCakes118

Files

74d5fcf843799f1b8156a80603d9e99c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

67a69a3ee31254cec37914fcbac1118e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\src\Autoruns\Release\autorunsc.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

comctl32

ImageList_Add
ImageList_GetIcon
ImageList_ReplaceIcon

kernel32

EnterCriticalSection
CreateProcessA
MultiByteToWideChar
ExitThread
SetErrorMode
InitializeCriticalSection
TlsAlloc
SearchPathA
GetCommandLineW
GetPrivateProfileStringA
FreeLibrary
LoadLibraryExA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
WritePrivateProfileStringA
FindClose
FindNextFileA
FindFirstFileA
CompareStringA
GetProcessHeap
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InterlockedExchange
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
LeaveCriticalSection
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileAttributesA
lstrcpyA
GetVersion
GetModuleHandleA
LocalAlloc
lstrcmpA
lstrlenA
FormatMessageA
GetStdHandle
WriteFile
LCMapStringA
LocalFree
CreateFileA
ReadFile
SetFilePointer
WideCharToMultiByte
GetWindowsDirectoryA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
LoadLibraryA
GetProcAddress
GetLocaleInfoA
GetNumberFormatA
InterlockedIncrement
InterlockedDecrement
GetModuleFileNameA
TlsSetValue
GetCurrentProcess
GetLastError
CloseHandle
TlsGetValue
CompareStringW
IsValidCodePage
GetOEMCP
FreeEnvironmentStringsA
FlushFileBuffers
HeapSize
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetACP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
ExitProcess
Sleep
GetModuleHandleW
GetFileType
SetHandleCount
lstrlenW
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
DeleteCriticalSection
FatalAppExitA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
LCMapStringW

user32

LoadCursorA
LoadIconA
DestroyIcon
SetCursor
SendMessageA
LoadStringA
DialogBoxIndirectParamA
GetSysColorBrush
EndDialog
InflateRect
TrackPopupMenu
EnableMenuItem
GetDlgItem
SetDlgItemTextA
ShowWindow
GetMenu
DeleteMenu
GetSubMenu
InsertMenuA
SetWindowTextA
CheckMenuItem

gdi32

DeleteObject
GetDeviceCaps
SetMapMode
StartDocA
StartPage
EndPage
EndDoc

comdlg32

PrintDlgA

advapi32

RegOpenKeyA
OpenSCManagerA
OpenServiceA
RegCloseKey
RegOpenKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
CloseServiceHandle
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegQueryInfoKeyA
RegEnumKeyA
RegQueryValueA
RegLoadKeyA
RegUnLoadKeyA
RegCreateKeyA
RegEnumValueA
RegSetValueExA
RegDeleteKeyA
LookupAccountNameA
LookupAccountSidA
RegQueryValueExA
RegSetKeySecurity
RegGetKeySecurity
AllocateAndInitializeSid
GetTokenInformation
EqualSid
FreeSid
OpenProcessToken

shell32

SHGetFileInfoA
ShellExecuteA

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysAllocString
SysFreeString
SetErrorInfo
GetErrorInfo
CreateErrorInfo

shlwapi

UrlUnescapeA

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

67a69a3ee31254cec37914fcbac1118e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 68KB - Virtual size: 68KB

.data Size: 6KB - Virtual size: 15KB

.rsrc Size: 103KB - Virtual size: 103KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 68KB - Virtual size: 68KB

.data
Size: 6KB - Virtual size: 15KB

.rsrc
Size: 103KB - Virtual size: 103KB

UPX0
Size: 144KB - Virtual size: 380KB