76a16a2b1411e222eb5a0d1ebb300c4b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76a16a2b1411e222eb5a0d1ebb300c4b_JaffaCakes118
Size

257KB
MD5

76a16a2b1411e222eb5a0d1ebb300c4b
SHA1

5583a50759c5e0037126c6d0e72dbac4c415bcef
SHA256

4b0eca34bc9936bcc7138591caa2ece88d90dadd2771a4471414a856a005898e
SHA512

e46001b2d050f32fb800e552b56e567e291121848dc07301fbcefa9278da9e24a42cf6701f922789d71010e711574d75e7e3108d55abcb9050bdde8925cd9e94
SSDEEP

6144:ROXAdff3CFv1jsKuH4nP1XhF8/9a+vasUehSb/ralf:VdfKdyfHOBwFa+isUe4b/ro

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76a16a2b1411e222eb5a0d1ebb300c4b_JaffaCakes118

Files

76a16a2b1411e222eb5a0d1ebb300c4b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c8c30f1d84758827d25de24feff78fe2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wbemtest.pdb

Imports

msvcrt

_controlfp
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
atoi
_finite
atol
wcstombs
wcslen
wcscpy
sscanf
mbstowcs
sprintf
wcsncpy
wcscspn
_mbsinc
qsort
strchr
_vsnprintf
_wtol
strstr
setlocale
wcschr
wcscat
swprintf
_snprintf
isspace
iswspace
__CxxFrameHandler

advapi32

GetTokenInformation
OpenThreadToken
OpenProcessToken
AdjustTokenPrivileges
RegCloseKey
RegQueryValueExA
RegOpenKeyExA

kernel32

GetVersionExA
SetLastError
HeapAlloc
GetProcessHeap
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
lstrlenW
GetStringTypeExA
HeapFree
SwitchToThread
CreateEventA
SetEvent
GetCurrentProcess
GetCurrentThread
CloseHandle
GetWindowsDirectoryA
CompareStringA
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
LCMapStringW
GetStartupInfoA
GetModuleHandleA
HeapReAlloc
GetProcAddress
LoadLibraryA
GetCurrentProcessId

user32

SetWindowLongA
DestroyWindow
FindWindowExA
IsDialogMessageA
IsWindow
MessageBoxA
GetWindowThreadProcessId
EnumWindows
GetDlgCtrlID
GetDlgItemTextW
wsprintfA
GetWindowTextLengthA
InvalidateRect
UpdateWindow
IsDlgButtonChecked
GetMessageA
TranslateMessage
PeekMessageA
DispatchMessageA
GetWindowLongA
PostMessageA
GetDlgItem
SetDlgItemTextA
ShowWindow
CreateDialogParamA
SetFocus
DialogBoxParamA
GetFocus
SetWindowTextA
EnableWindow
SendMessageA
GetWindowTextA
GetDlgItemTextA
LoadStringA
CheckRadioButton
SendDlgItemMessageA
EndDialog
MoveWindow
GetWindowRect
GetClientRect
GetDesktopWindow
MsgWaitForMultipleObjects
PostQuitMessage
SetCursor
LoadCursorA

wbemcomn

??0CVarVector@@QAE@XZ
??4CVarVector@@QAEAAV0@AAV0@@Z
??0WString@@QAE@PAGH@Z
?Size@CVarVector@@QAEHXZ
?FillCVarAt@CVarVector@@QAEXHAAVCVar@@@Z
??YWString@@QAEAAV0@ABV0@@Z
?SetUnknown@CVar@@QAEXPAUIUnknown@@@Z
?FillVariant@CVar@@QAEXPAUtagVARIANT@@H@Z
??1CVar@@QAE@XZ
?RemoveAt@CFlexArray@@QAEHH@Z
??4WString@@QAEAAV0@PBG@Z
?GetLPSTR@WString@@QBEPADXZ
?RemoveAt@CVarVector@@QAEHH@Z
??1CVarVector@@QAE@XZ
?SetBSTR@CVar@@QAEHPAG@Z
??0CVarVector@@QAE@HHH@Z
?SetVarVector@CVar@@QAEXPAVCVarVector@@H@Z
?Empty@CVar@@QAEXXZ
?Add@CVarVector@@QAEHAAVCVar@@@Z
?GetOleType@CVar@@QAEHXZ
??YWString@@QAEAAV0@PBG@Z
??YWString@@QAEAAV0@G@Z
??0CFlexArray@@QAE@HH@Z
??1CFlexArray@@QAE@XZ
?InsertAt@CFlexArray@@QAEHHPAX@Z
?GetNewVariant@CVar@@QAEPAUtagVARIANT@@XZ
??0WString@@QAE@PBD@Z
??4WString@@QAEAAV0@ABV0@@Z
??0WString@@QAE@XZ
?DeleteString@WString@@AAEXPAG@Z
?SetVariant@CVar@@QAEHPAUtagVARIANT@@H@Z
?Init@CVar@@AAEXXZ
?WbemMemFree@CWin32DefaultArena@@SAHPAX@Z
?WbemMemAlloc@CWin32DefaultArena@@SAPAXK@Z
??4CVar@@QAEAAV0@ABV0@@Z

oleaut32

SysAllocStringLen
SysStringLen
GetErrorInfo
SysAllocString
VariantInit
SysFreeString
VariantClear

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoCreateInstance

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c8c30f1d84758827d25de24feff78fe2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

wbemcomn

oleaut32

ole32

Sections

.text Size: 91KB - Virtual size: 90KB

.data Size: 1024B - Virtual size: 18KB

.rsrc Size: 20KB - Virtual size: 20KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 91KB - Virtual size: 90KB

.data
Size: 1024B - Virtual size: 18KB

.rsrc
Size: 20KB - Virtual size: 20KB

UPX0
Size: 144KB - Virtual size: 380KB