8d6e7e56eb813261c1c2699b12f5836b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d6e7e56eb813261c1c2699b12f5836b_JaffaCakes118
Size

317KB
MD5

8d6e7e56eb813261c1c2699b12f5836b
SHA1

f932edd386c4cf83b4bb864b9f5811d3249125aa
SHA256

19f111bd73662f032da35daeb3031ae7b035d9a7e5718674d89ec1f14047920b
SHA512

736ca029fed25d54241a7ed6e53a3e616305d1e5e9253ad481e234c05f73dd94049c7c2bf36e4055eba9f21840ace0c9ee17422035ab84270d12845dd56d6c59
SSDEEP

6144:YDe7lKbSlMg/yO9JFBdGHv/JRxo2Jptvt:xHlMW7duv/JRxXtvt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d6e7e56eb813261c1c2699b12f5836b_JaffaCakes118

Files

8d6e7e56eb813261c1c2699b12f5836b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

441ae27e83ab37874d41564217733297

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

icwconn1.pdb

Imports

msvcrt

swscanf
free
malloc
_vsnwprintf
_except_handler3
_wmakepath
_wsplitpath
??3@YAXPAX@Z
memmove
_wtoi
??2@YAPAXI@Z
setlocale

advapi32

RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyW
RegCloseKey

kernel32

GetLastError
GetModuleHandleW
CloseHandle
CreateFileW
GetFileAttributesW
lstrlenW
GetProcAddress
GlobalAlloc
CreateProcessW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetPrivateProfileIntW
SetCurrentDirectoryW
GetWindowsDirectoryW
GetCurrentDirectoryW
LocalFree
LocalAlloc
LoadLibraryA
FreeLibrary
RemoveDirectoryW
FindClose
FindNextFileW
DeleteFileW
SetFileAttributesW
FindFirstFileW
GlobalFree
SetErrorMode
GetCommandLineW
ExitProcess
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
FormatMessageW
MulDiv
GetCurrentProcess
GetVersionExW
TerminateProcess
GetExitCodeThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetSystemDirectoryW
lstrcatW
SearchPathW
GetPrivateProfileStringW
lstrcmpiW
lstrcpyW
lstrcpynW

gdi32

GetDeviceCaps
StretchBlt
BitBlt
SetTextColor
SetBkColor
GetTextMetricsW
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
GetStockObject
SetBkMode
DeleteObject
GetObjectW
CreateFontIndirectW

user32

GetClassInfoW
SendMessageW
CallWindowProcW
SetWindowLongW
MessageBoxW
wsprintfW
LoadStringW
TranslateAcceleratorW
GetWindowLongW
DispatchMessageW
TranslateMessage
DestroyWindow
GetMessageW
DialogBoxParamW
GetSysColor
GetDlgItem
MoveWindow
GetSystemMetrics
GetWindowRect
CheckRadioButton
EndDialog
IsDlgButtonChecked
GetDlgCtrlID
GetDC
WaitMessage
PeekMessageW
LoadStringA
LoadImageW
LoadAcceleratorsW
ReleaseDC
SetMessageQueue
BringWindowToTop
SetForegroundWindow
GetLastActivePopup
FindWindowW
PostMessageW
ShowWindow
GetParent
CharNextW
CharPrevW
SetWindowTextW
SetWindowPos
EnableWindow
MsgWaitForMultipleObjects
CheckDlgButton
GetWindowTextW
DefWindowProcW
FillRect
GetClientRect
GetSysColorBrush
LoadCursorW
SetCursor
ExitWindowsEx
SendDlgItemMessageW
UpdateWindow
MapWindowPoints
InvalidateRect
IsRectEmpty
GetUpdateRect
IsWindowVisible
EnumThreadWindows
GetFocus
SetFocus
IsWindowEnabled
GetWindow
EnumChildWindows
RegisterClassExW
CreateWindowExW
CreateDialogParamW
GetDesktopWindow
MessageBeep
IsChild
GetNextDlgTabItem
LoadIconW
PostQuitMessage
DrawFocusRect
InflateRect
OffsetRect
CopyRect
DrawTextW
RedrawWindow
EndPaint
DrawEdge
BeginPaint
DrawIcon
RegisterClassW
UnregisterClassW

shell32

SHGetPathFromIDListW
SHGetMalloc
ShellExecuteW
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathIsFileSpecW
PathIsURLW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

441ae27e83ab37874d41564217733297

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 60KB - Virtual size: 60KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 143KB - Virtual size: 142KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 60KB - Virtual size: 60KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 143KB - Virtual size: 142KB

.UPX0
Size: 108KB - Virtual size: 260KB