8eba9c0a6ae8fd0c7b44a94c93b9a2fa_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8eba9c0a6ae8fd0c7b44a94c93b9a2fa_JaffaCakes118
Size

183KB
MD5

8eba9c0a6ae8fd0c7b44a94c93b9a2fa
SHA1

fa57c07521610009a2c50b337055ce0bae36202e
SHA256

f925986367814a55562a8ceb7488925bad7e0beedc1710ff1cd85faaf0f91ed4
SHA512

64dfb965c916ab1a3b9f807c52677495f2374c00f4f234c3868e53f5eb98a4db7fcb23eb349fbfd81a5c0dabf687ec98aa5f1cfa62a8e375a191c254b8d4759c
SSDEEP

3072:cCChqu4f6w7a36zuTHHRtFuWp9Ixy+sS8bGTyhoA2VDnb1S/ccR5D:IIu4f6w7yXnRt0GmpTyh52dk/cGD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8eba9c0a6ae8fd0c7b44a94c93b9a2fa_JaffaCakes118

Files

8eba9c0a6ae8fd0c7b44a94c93b9a2fa_JaffaCakes118
.exe windows:4 windows x86 arch:x86

626c5658f5356ddcb9dbe76556ca95a3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileAttributesA
GetCurrentProcess
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
RaiseException
HeapSize
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
CloseHandle
GetTempPathA
GetSystemDirectoryA
DeleteFileA
CreateProcessA
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
GetCPInfo
GetOEMCP
lstrcmpA
GlobalFlags
GetProcessVersion
lstrcatA
GlobalAddAtomA
GlobalGetAtomNameA
lstrcmpiA
lstrcpyA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
OpenProcess
Sleep
LCMapStringA
GetVersion
Process32Next
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
LocalFree
LocalAlloc
lstrcpynA
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
LoadLibraryA
GetProcAddress
FreeLibrary
MoveFileA
CopyFileA
WinExec
GetTempFileNameA
GetCurrentProcessId
GetCommandLineA
WaitForSingleObject
CreateMutexA
GetLastError
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
LCMapStringW
HeapDestroy
HeapReAlloc
GetACP
TerminateProcess

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA

comctl32

gdi32

RealizePalette
GetStockObject
GetObjectA
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateDCA
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
DeleteObject
SaveDC
RestoreDC
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
PtVisible
RectVisible
ExtTextOutA
Escape
TextOutA
GetDIBits
SelectPalette

user32

CopyRect
GetClientRect
AdjustWindowRectEx
SetFocus
GetSysColor
MapWindowPoints
SetWindowTextA
GetSysColorBrush
GetClassNameA
PtInRect
ClientToScreen
DestroyMenu
TabbedTextOutA
DrawTextA
GrayStringA
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
DestroyWindow
GetClassLongA
GetTopWindow
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetKeyState
CallNextHookEx
PeekMessageA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
EnableWindow
UnhookWindowsHookEx
LoadStringA
GetActiveWindow
FindWindowA
IsWindow
MessageBoxA
GetWindowThreadProcessId
wsprintfA
DefWindowProcA
KillTimer
SetTimer
PostQuitMessage
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
GetDlgCtrlID
GetWindowTextA
SetPropA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
PostMessageA
EnumWindows
SetWindowsHookExA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

Sections

UPX0
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

626c5658f5356ddcb9dbe76556ca95a3

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

gdi32

user32

winspool.drv

Sections

UPX0 Size: 172KB - Virtual size: 172KB

.avp Size: 5KB - Virtual size: 8KB

UPX0
Size: 172KB - Virtual size: 172KB

.avp
Size: 5KB - Virtual size: 8KB