873d5e66de3ab36a197cd59a5607bac9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

873d5e66de3ab36a197cd59a5607bac9_JaffaCakes118
Size

215KB
MD5

873d5e66de3ab36a197cd59a5607bac9
SHA1

249436c36d0faa41dcf0ec119bed9efa7a9b601a
SHA256

95dcb8ca2aa5151f47e8f2ee067ef45533ce8da4faea5de36f7f096e9e8d8963
SHA512

ad89d946ef5346822d3d15c6c9256eb7acf25bc4c3cde593d7bc7a89081f772d03c38f2bb81171b12b30a4ee4a1f6b6394e91594fa2f70c2644769ffd87ff41b
SSDEEP

3072:+QN+5p1a/BYwuiyrFWJNqyuwRRtWqIpwQSECnwcbhWkqWUgseL3njBVJINtkR783:Tc5jrFWDqyFLvAwfc+tL3jT783

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873d5e66de3ab36a197cd59a5607bac9_JaffaCakes118

Files

873d5e66de3ab36a197cd59a5607bac9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

20f30398beae32b86d10ffa7cd5eddbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

magnify.pdb

Imports

mfc42u

ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord1143
ord640
ord4155
ord323
ord2397
ord6266
ord613
ord6153
ord5787
ord289
ord755
ord5871
ord283
ord470
ord2634
ord3087
ord6330
ord2078
ord2403
ord2015
ord4213
ord2570
ord6051
ord1768
ord4392
ord5286
ord3397
ord4418
ord3577
ord567
ord616
ord5781
ord2294
ord1761
ord2637
ord4269
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord2613
ord4270
ord6195
ord3737
ord818
ord2144
ord1230
ord1633
ord1634
ord1569
ord3687
ord2855
ord3568
ord2406
ord3621
ord1165
ord823
ord3658
ord6456
ord4279
ord6211
ord6451
ord6374
ord6376
ord6373
ord4229
ord825
ord324
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord3792
ord540
ord3871
ord800
ord6193
ord2371
ord2859
ord3133
ord2293

msvcrt

_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_onexit
__CxxFrameHandler
_wcsicmp
wcscpy
_exit
_c_exit
_controlfp
?terminate@@YAXXZ
__dllonexit

advapi32

RegOpenKeyExA
AllocateAndInitializeSid
DuplicateTokenEx
OpenProcessToken
IsWellKnownSid
GetAce
GetAclInformation
GetSecurityDescriptorDacl
FreeSid
RegSetValueExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CheckTokenMembership

kernel32

GetTickCount
GetProcAddress
GetModuleHandleW
MulDiv
CloseHandle
lstrcmpiW
WaitForMultipleObjects
CreateThread
GetCurrentThreadId
OpenEventW
CreateEventW
SetEvent
GetLastError
lstrlenW
OpenProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
GetVersionExA
LoadLibraryA

gdi32

CreateFontIndirectW
SetBitmapDimensionEx
ExtTextOutW
StretchBlt
BitBlt
GetStockObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
RealizePalette
GetObjectW
GetDeviceCaps
DeleteObject
CreatePalette
PatBlt

user32

OpenWindowStationW
SetProcessWindowStation
GetSystemMetrics
PtInRect
SetRectEmpty
InflateRect
CopyRect
EqualRect
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
IsWindowVisible
SetTimer
KillTimer
GetActiveWindow
SystemParametersInfoW
GetKeyState
MessageBoxW
GetAsyncKeyState
GetMessagePos
AdjustWindowRectEx
EnableWindow
IsWindow
RegisterWindowMessageW
IsIconic
IntersectRect
IsRectEmpty
SetRect
FillRect
EnableMenuItem
GetSubMenu
LoadMenuW
PostMessageW
GetSystemMenu
InvalidateRect
OpenClipboard
GetProcessWindowStation
LoadCursorW
DrawIconEx
GetIconInfo
CloseClipboard
SetClipboardData
EmptyClipboard
SetCursor
ReleaseDC
GetDC
GetCursorPos
SetWindowLongW
CloseDesktop
GetUserObjectInformationW
OpenDesktopW
OpenInputDesktop
SetThreadDesktop
GetThreadDesktop
WinHelpW
RedrawWindow
DrawIcon
AppendMenuW
SendMessageW
LoadIconW
UnregisterHotKey
wsprintfW
RegisterHotKey
GetUserObjectSecurity
SetForegroundWindow

mag_hook

_GetPopupInfo@4
_InstallEventHook@4
_SetZoomRect@8
_FakeCursorMove@8

shell32

ord258
SHAppBarMessage
ShellExecuteW

ole32

CoUninitialize
CoInitialize

comctl32

ord17

psapi

GetProcessImageFileNameW
EnumProcesses

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

20f30398beae32b86d10ffa7cd5eddbd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

mag_hook

shell32

ole32

comctl32

psapi

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 31KB - Virtual size: 30KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 31KB - Virtual size: 30KB

UPX0
Size: 144KB - Virtual size: 380KB