78c4d5beabe1291d4c39dcc8632f9937_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78c4d5beabe1291d4c39dcc8632f9937_JaffaCakes118
Size

212KB
MD5

78c4d5beabe1291d4c39dcc8632f9937
SHA1

2bf20c5c27f058abe7242476c769727fe7d86d93
SHA256

b779c5d28667bb21aac661f12e299968a6c61e5d6cc107ffe1be194ae44dcd9e
SHA512

ddb86fbd8911eb1e9a62cbded5abcb1959e6264d39ae09649b71d20b7c05e274f56732996173aaf385ef62eb446543c358af65cf8ddd02beedc5a2e46a226745
SSDEEP

6144:EBJ5GdC71LQhZfpi56DVUtMu/FtdMQrYQ:nCRLQlGMu/jdVsQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78c4d5beabe1291d4c39dcc8632f9937_JaffaCakes118

Files

78c4d5beabe1291d4c39dcc8632f9937_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7685ab131f5dac61e6a109b0d0fb9d6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

sigverif.pdb

Imports

msvcrt

_XcptFilter
_exit
_cexit
wcsstr
_wcsnicmp
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_c_exit
_wcsicmp
wcschr

advapi32

RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

kernel32

GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
GetSystemTimeAsFileTime
lstrcpyW
SetCurrentDirectoryW
lstrlenW
GetFullPathNameW
HeapFree
HeapAlloc
GetProcessHeap
lstrcatW
GetWindowsDirectoryW
GetSystemDirectoryW
GetFileAttributesW
GetCommandLineW
GetSystemInfo
GetVersionExW
GetCurrentDirectoryW
lstrcmpW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExW
GetDateFormatW
CompareStringW
CompareFileTime
SystemTimeToFileTime
DeleteFileW
CloseHandle
CreateFileW
LocalFree
FormatMessageW
WriteFile
GetTimeFormatW
GetFileSize
SetEndOfFile
SetFilePointer
MulDiv
CreateThread
GetLastError
FlushFileBuffers
FindClose
FindNextFileW
GetShortPathNameW
FindFirstFileW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId

gdi32

SetTextAlign
SelectObject
SetTextColor
SetBkColor
GetTextExtentPoint32W
ExtTextOutW

user32

SetFocus
SetForegroundWindow
CreateWindowExW
MoveWindow
GetClientRect
GetWindowRect
wsprintfW
GetDlgItem
EndDialog
DestroyWindow
SetWindowLongW
EndPaint
GetSysColor
GetParent
BeginPaint
GetWindowLongW
DefWindowProcW
RegisterClassW
LoadCursorW
LoadStringW
MessageBoxW
PostMessageW
ShowWindow
WinHelpW
ChildWindowFromPoint
ScreenToClient
DestroyIcon
DialogBoxParamW
LoadIconW
FindWindowW
CharUpperBuffW
CharLowerBuffW
IsDlgButtonChecked
GetDlgItemTextW
CheckRadioButton
InvalidateRect
SetDlgItemTextW
EnableWindow
SendMessageW
SetClassLongW
CheckDlgButton

shell32

SHGetFileInfoW
SHGetSpecialFolderLocation
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW

comctl32

PropertySheetW
CreateStatusWindowW
ord17

setupapi

SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiSetSelectedDriverW
SetupOpenFileQueue
SetupDiCallClassInstaller
SetupFindNextLine
SetupGetLineTextW
SetupFindFirstLineW
SetupGetTargetPathW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiDestroyDeviceInfoList
SetupDiDestroyDriverInfoList
SetupCloseFileQueue
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupScanFileQueueW

winspool.drv

EnumPrinterDriversW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust
CryptCATAdminEnumCatalogFromHash
IsCatalogFile
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminReleaseContext
CryptCATAdminAcquireContext
CryptCATAdminReleaseCatalogContext
CryptCATCatalogInfoFromContext

crypt32

CertFreeCertificateContext

sfc_os

SfcGetNextProtectedFile

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d7685ab131f5dac61e6a109b0d0fb9d6

Headers

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

comctl32

setupapi

winspool.drv

version

wintrust

crypt32

sfc_os

Sections

.text Size: 29KB - Virtual size: 28KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 38KB - Virtual size: 37KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 29KB - Virtual size: 28KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 38KB - Virtual size: 37KB

UPX0
Size: 144KB - Virtual size: 380KB