a03485e9bc2a87d4bcead1b23a142f26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a03485e9bc2a87d4bcead1b23a142f26_JaffaCakes118
Size

220KB
MD5

a03485e9bc2a87d4bcead1b23a142f26
SHA1

5a5727714adb4d8eb152c087e3d042ec3e9ea919
SHA256

0575a6365a76fa87596610e86e95499658c904dc31e4b9220d412fdb67de936b
SHA512

da2979306fba308c18f41a2c6218b81fe0c08962cb8cc3b79792d91db0ed011fde24bc086767363f0b9c15ccc69ab07035b1aaca75e31e7bded44a89c836fdca
SSDEEP

3072:BFUuaiTWtj85RlKEBT3hRXoY6qczFeyv24aMwnLcyy8BoqxE9H3/TcG:Ha7u5Rb3k9qczgytaMEcyFr+cG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a03485e9bc2a87d4bcead1b23a142f26_JaffaCakes118

Files

a03485e9bc2a87d4bcead1b23a142f26_JaffaCakes118
.exe windows:5 windows x86 arch:x86

88e76d9c6fbf2b50a7411cf4dd4a5255

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

shrpubw.pdb

Imports

mfc42u

ord2613
ord6593
ord768
ord5155
ord5154
ord4899
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5283
ord3793
ord4829
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord1720
ord5257
ord6484
ord2116
ord5273
ord4621
ord4419
ord4253
ord5977
ord3087
ord2859
ord1662
ord2644
ord6481
ord4704
ord5949
ord2634
ord3092
ord4970
ord6211
ord1771
ord942
ord940
ord5706
ord5156
ord5852
ord4155
ord941
ord536
ord2933
ord1775
ord4197
ord2810
ord2755
ord6564
ord4269
ord538
ord6278
ord1569
ord6279
ord4124
ord4272
ord858
ord861
ord2820
ord1165
ord823
ord825
ord561
ord540
ord2606
ord815
ord800
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord2438

msvcrt

__CxxFrameHandler
iswspace
_wcsnicmp
wcslen
memmove
towupper
_c_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
wcschr
wcsrchr
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_exit
wcscmp

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
FreeSid
GetLengthSid
AddAccessAllowedAce
MakeSelfRelativeSD
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
MapGenericMask
AllocateAndInitializeSid
LookupAccountNameW
GetSecurityDescriptorLength
GetSecurityDescriptorControl

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
CreateDirectoryW
GetFileAttributesW
GetComputerNameW
lstrcpyW
LoadLibraryW
GetLastError
FreeLibrary
TerminateProcess
LocalFree
GlobalAlloc
GetProcAddress
FormatMessageW
GetComputerNameExW
LoadLibraryA
lstrcmpiW

gdi32

CreateFontIndirectW
DeleteObject
GetDeviceCaps

user32

LoadImageW
SendMessageW
GetParent
EnableWindow
RegisterClipboardFormatW
LoadStringW
MessageBoxW
PostMessageW
SystemParametersInfoW
GetActiveWindow
ReleaseDC
GetDC

comctl32

DestroyPropertySheetPage
PropertySheetW
ord17
CreatePropertySheetPageW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

netapi32

NetApiBufferFree
I_NetPathType
NetServerDiskEnum
I_NetNameValidate
NetShareGetInfo
NetShareAdd
NetShareEnum
NetServerGetInfo

aclui

ord1

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHChangeNotify
ord190
ord155
ord152
ord17
ord18
SHBrowseForFolderW
ord16

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

88e76d9c6fbf2b50a7411cf4dd4a5255

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc42u

msvcrt

advapi32

kernel32

gdi32

user32

comctl32

ole32

netapi32

aclui

shell32

Sections

.text Size: 31KB - Virtual size: 31KB

.data Size: 1024B - Virtual size: 992B

.rsrc Size: 42KB - Virtual size: 42KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 31KB - Virtual size: 31KB

.data
Size: 1024B - Virtual size: 992B

.rsrc
Size: 42KB - Virtual size: 42KB

UPX0
Size: 144KB - Virtual size: 380KB