95c78580a6bd5f55b7b3bcfb23e94442_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

95c78580a6bd5f55b7b3bcfb23e94442_JaffaCakes118
Size

244KB
MD5

95c78580a6bd5f55b7b3bcfb23e94442
SHA1

058765ca857adcc835c6487f7e9967d93f80cce3
SHA256

6d20fd5a0046842f830a6e5683cf4472e40326e80be456126b7dc26bf3816bc3
SHA512

efc4c4a677e6001e11cac24dee8bb95d096add8a336bec78f3536f508af4e40a0b8d4816f83692a6cd38cdbac6f925c47e9954324f54f4b61d2243773cff3b89
SSDEEP

6144:YJzlT8ZGXGEkKK7F0vmM2aG7vbB1FNOA7M8vkj1uyeEq:6x8ZOGEc7wmM2PvbB1yAHv6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
95c78580a6bd5f55b7b3bcfb23e94442_JaffaCakes118

Files

95c78580a6bd5f55b7b3bcfb23e94442_JaffaCakes118
.exe windows:6 windows x86 arch:x86

41f834fd54f32df1c6cd2276316fa8f7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ieUnAtt.pdb

Imports

advapi32

RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegEnumValueW
SetSecurityDescriptorOwner
RegSetKeySecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptGetKeyParam
CryptGetHashParam
CryptGenRandom
CryptDuplicateKey
CryptDeriveKey
CryptHashData
CryptDuplicateHash
CryptCreateHash
CryptAcquireContextW
SetSecurityInfo
GetSecurityInfo
IsValidSid
LookupAccountSidW
LookupAccountNameW
GetUserNameW
RegFlushKey
RegDeleteValueW
RegUnLoadKeyW
RegLoadKeyW
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
GetLengthSid
InitializeAcl
AddAccessAllowedAce
EqualSid
SetSecurityDescriptorDacl
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
SetNamedSecurityInfoW

kernel32

GlobalLock
GlobalAlloc
HeapWalk
HeapValidate
HeapCompact
GlobalMemoryStatus
GetVersionExW
GetVersionExA
ResetEvent
CreateThread
WaitForMultipleObjects
GlobalSize
FreeLibrary
SetEvent
RemoveDirectoryW
ReadFile
HeapDestroy
HeapCreate
IsDebuggerPresent
OutputDebugStringA
MultiByteToWideChar
WideCharToMultiByte
FlushFileBuffers
GetFileSizeEx
CreateDirectoryW
GlobalUnlock
GetModuleHandleW
GetProcAddress
ExpandEnvironmentStringsA
LoadLibraryA
CopyFileW
MoveFileW
MoveFileExW
GetLogicalDriveStringsW
GetLogicalDrives
GetDriveTypeW
DuplicateHandle
SetFileAttributesW
GetShortPathNameW
CreateProcessW
CreateProcessA
OpenProcess
GetVolumeInformationW
SetFileTime
SetEndOfFile
OpenEventW
GetComputerNameW
GetOverlappedResult
GetFileType
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetPrivateProfileStringW
LoadLibraryW
GetExitCodeProcess
GetLocaleInfoW
VirtualAlloc
VirtualFree
DeviceIoControl
DebugBreak
GlobalFree
HeapSize
lstrlenW
lstrcmpiW
WritePrivateProfileStringW
GetCommandLineW
LocalFree
GetLastError
CreateEventW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LocalAlloc
ExpandEnvironmentStringsW
GetFileAttributesW
SetErrorMode
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
TlsAlloc
GetLocalTime
TlsSetValue
HeapReAlloc
HeapAlloc
TlsGetValue
GetTempFileNameW
GetTempPathW
SetLastError
FormatMessageW
RaiseException
ExitProcess
TlsFree
GetWindowsDirectoryA
CloseHandle
GetCurrentThread
ReleaseMutex
WaitForSingleObject
SetFilePointer
WriteFile
GetModuleFileNameA
CreateMutexW
CreateFileW
GetModuleFileNameW
DeleteFileW
GetVersion
GetSystemInfo
CreateMutexA
CreateFileMappingA
CreateFileA
DeleteFileA

msvcrt

free
towlower
_onexit
_wfopen
_cexit
__getmainargs
_vsnwprintf
iswspace
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
_wcsnicmp
wcsncmp
_itow_s
fgetws
fclose
wcstok
_wtoi
swscanf_s
iswctype
_wcsicmp
wcsrchr
__CxxFrameHandler3
_vsnprintf
memcpy
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_unlock
__dllonexit
_lock
??1type_info@@UAE@XZ
_purecall
feof

ole32

CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateGuid
GetHGlobalFromStream
CoInitializeEx
CreateStreamOnHGlobal

shell32

SHGetFolderPathW
CommandLineToArgvW
ExtractIconExW
ShellExecuteExW
ord165

shlwapi

PathAppendW
ord158
StrChrW
StrCmpW

user32

LoadStringW
PostMessageW
LoadIconW
MessageBoxW
MessageBoxA
UnregisterClassA

ws2_32

select
connect
sendto
recvfrom
recv
getsockname
shutdown
listen
ioctlsocket
bind
send
accept
getsockopt
gethostbyname
gethostname
htons
htonl
inet_ntoa
inet_addr
closesocket
socket
WSAGetLastError
WSACleanup
WSAStartup
WSAIoctl
__WSAFDIsSet
setsockopt

dbghelp

MiniDumpWriteDump

iphlpapi

GetIpAddrTable

oleaut32

VariantTimeToSystemTime
VariantClear
SystemTimeToVariantTime

Exports

Exports

??0?$CDynamicArray@EPAE@@QAE@I@Z
??0?$CDynamicArray@EPAUSKey@@@@QAE@I@Z
??0?$CDynamicArray@EPAUSValue@@@@QAE@I@Z
??0?$CDynamicArray@GPAG@@QAE@I@Z
??0?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z
??0?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z
??0?$CDynamicArray@_KPA_K@@QAE@I@Z
??1?$CDynamicArray@EPAE@@QAE@XZ
??1?$CDynamicArray@EPAUSKey@@@@QAE@XZ
??1?$CDynamicArray@EPAUSValue@@@@QAE@XZ
??1?$CDynamicArray@GPAG@@QAE@XZ
??1?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ
??1?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ
??1?$CDynamicArray@_KPA_K@@QAE@XZ
??4?$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z
??A?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z
??A?$CDynamicArray@_KPA_K@@QAEAA_KI@Z
??B?$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ
??B?$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ
??B?$CDynamicArray@GPAG@@QBEPAGXZ
??C?$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ
??C?$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ
??_F?$CDynamicArray@EPAE@@QAEXXZ
??_F?$CDynamicArray@EPAUSKey@@@@QAEXXZ
??_F?$CDynamicArray@EPAUSValue@@@@QAEXXZ
??_F?$CDynamicArray@GPAG@@QAEXXZ
??_F?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ
??_F?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ
??_F?$CDynamicArray@_KPA_K@@QAEXXZ
?Add@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z
?Add@?$CDynamicArray@_KPA_K@@QAEHAA_K@Z
?ElementAt@?$CDynamicArray@GPAG@@QAEAAGI@Z
?ElementAt@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z
?GetBuffer@?$CDynamicArray@EPAE@@QAEPAEI@Z
?GetBuffer@?$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z
?GetBuffer@?$CDynamicArray@GPAG@@QAEPAGI@Z
?GetSize@?$CDynamicArray@EPAE@@QBEIXZ
?GetSize@?$CDynamicArray@GPAG@@QBEIXZ
?GetSize@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ
?GetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ
?GetSize@?$CDynamicArray@_KPA_K@@QBEIXZ
?Init@?$CDynamicArray@EPAE@@IAEXI@Z
?Init@?$CDynamicArray@EPAUSKey@@@@IAEXI@Z
?Init@?$CDynamicArray@EPAUSValue@@@@IAEXI@Z
?Init@?$CDynamicArray@GPAG@@IAEXI@Z
?Init@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z
?Init@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z
?Init@?$CDynamicArray@_KPA_K@@IAEXI@Z
?RemoveAll@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ
?RemoveAll@?$CDynamicArray@_KPA_K@@QAEXXZ
?RemoveItemFromTail@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ
?SetSize@?$CDynamicArray@EPAE@@QAEHK@Z
?SetSize@?$CDynamicArray@EPAUSKey@@@@QAEHK@Z
?SetSize@?$CDynamicArray@EPAUSValue@@@@QAEHK@Z
?SetSize@?$CDynamicArray@GPAG@@QAEHK@Z
?SetSize@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z
?SetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z
?SetSize@?$CDynamicArray@_KPA_K@@QAEHK@Z

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 15KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

41f834fd54f32df1c6cd2276316fa8f7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

ole32

shell32

shlwapi

user32

ws2_32

dbghelp

iphlpapi

oleaut32

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 105KB

.data Size: 15KB - Virtual size: 18KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 10KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 106KB - Virtual size: 105KB

.data
Size: 15KB - Virtual size: 18KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 10KB

.UPX0
Size: 108KB - Virtual size: 260KB