8646fe845fadb41c2651a26456570788_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8646fe845fadb41c2651a26456570788_JaffaCakes118
Size

248KB
MD5

8646fe845fadb41c2651a26456570788
SHA1

d4486114cf4a7bc7cfb202f43559bf24cf205a03
SHA256

73cd22144333397f114ab9ea3eb90dfd85f66c5276b5d55e8b8d33f12171bde0
SHA512

66c6884489d86d23d9a385486b794e8e79894b2a7dce95849f19db58138934f72f987d86db0bce4d10bc9c8f664478566f1b1fe0cb1baa4909a7d67ffa044971
SSDEEP

3072:Fr6qg6/2yenujSUlbW5R+TcvE13VFsxsF+940yWp78WgD4Zamv4U5zw:96qJ/2nSSUlLcvWVFsx5AfjD4V5k

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8646fe845fadb41c2651a26456570788_JaffaCakes118

Files

8646fe845fadb41c2651a26456570788_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e43f40f1941053f96a21a271cdc54bb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

PDB Paths

sysocmgr.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken

kernel32

GetModuleHandleA
GetLastError
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
FreeLibrary
lstrcmpiW
lstrcpyW
WideCharToMultiByte
GetCurrentProcess
GetCurrentThread
GetFullPathNameW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
GetCurrentDirectoryW
LoadLibraryA
ReleaseMutex
Sleep
CloseHandle
CreateThread
CreateMutexW
lstrcatW
GetVersionExW
VirtualProtect
LocalFree
GetCurrentProcessId
lstrcpynW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
RtlUnwind
InterlockedExchange
VirtualQuery
VirtualAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetSystemInfo
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
FormatMessageW
LocalAlloc

gdi32

GetDeviceCaps

user32

SetWindowLongW
PostMessageW
GetParent
EndDialog
ReleaseDC
GetDC
SendMessageW
GetWindowRect
SystemParametersInfoW
MoveWindow
LoadCursorW
ExitWindowsEx
wvsprintfW
LoadStringW
SetCursor
DialogBoxParamW
AllowSetForegroundWindow
MessageBoxW

ocmanage

OcCreateOcPage
OcGetWizardPages
OcSubComponentsPresent
OcTerminate
OcCreateSetupPage
OcRememberWizardDialogHandle
OcInitialize

shell32

ord730

ntdll

DbgPrintEx

setupapi

pSetupFree

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e43f40f1941053f96a21a271cdc54bb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

ocmanage

shell32

ntdll

setupapi

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 76KB - Virtual size: 75KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 76KB - Virtual size: 75KB

UPX0
Size: 144KB - Virtual size: 380KB