a1bfe47e9d1c87c721ef0e51bc38d7e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1bfe47e9d1c87c721ef0e51bc38d7e6_JaffaCakes118
Size

133KB
MD5

a1bfe47e9d1c87c721ef0e51bc38d7e6
SHA1

d55b598e1489a2e41e37947c504d1597d3ac1144
SHA256

3052d6d95359816274ad74921e1d3f3fbe9fab320ea9cd7b7db149a5ea4e1e6b
SHA512

4a411010d4f3cb4fd9feaf512ad9d7881aabc570534ac49674ca995105275b6ec19038f19abb8be688aedaf34ae57b19c5217adcc55ed2bb8f0e7a6973784aed
SSDEEP

3072:gJyi3WaA+lQ5D9fl4n91KsleoJdRUpfsbFXOCE:gJy7cQ5P4v5HlAV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1bfe47e9d1c87c721ef0e51bc38d7e6_JaffaCakes118

Files

a1bfe47e9d1c87c721ef0e51bc38d7e6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ccb5b83905d0a7d540192b4308ba3f71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

userinit.pdb

Imports

user32

CreateWindowExW
DestroyWindow
RegisterClassExW
DefWindowProcW
LoadRemoteFonts
LoadStringW
MessageBoxW
ExitWindowsEx
GetSystemMetrics
GetKeyboardLayout
SystemParametersInfoW
GetDesktopWindow
CharNextW

advapi32

RegOpenKeyExA
ReportEventW
OpenProcessToken
RegisterEventSourceW
DeregisterEventSource
RegCreateKeyExW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegQueryValueExA

crypt32

CryptProtectData

winspool.drv

SpoolerInit

ntdll

RtlConvertSidToUnicodeString
NtQueryInformationToken
RtlLengthSid
RtlCopySid
wcslen
DbgPrint
RtlInitUnicodeString
NtOpenKey
NtClose
_wcsicmp
wcscmp
memmove
_vsnwprintf
RtlFreeUnicodeString
_itow

userenv

ord175

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_initterm
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_adjust_fdiv
__getmainargs

kernel32

SetEnvironmentVariableW
lstrlenW
GetVersionExW
LocalFree
GetLastError
GetEnvironmentVariableW
FreeLibrary
GetProcAddress
LoadLibraryW
CompareFileTime
CloseHandle
LocalAlloc
WaitForSingleObject
DelayLoadFailureHook
GetStartupInfoA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
InterlockedCompareExchange
GetSystemTime
LocalReAlloc
lstrcmpW
GetCurrentThread
SetThreadPriority
CreateThread
GetCurrentProcess
GetFileAttributesExW
GetSystemDirectoryW
SetCurrentDirectoryW
FormatMessageW
CompareStringW
SetLastError
ExpandEnvironmentStringsW
CreateProcessW
GetUserDefaultLangID
Sleep
GetCurrentProcessId
SetEvent
OpenEventW
SearchPathW

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ccb5b83905d0a7d540192b4308ba3f71

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

user32

advapi32

crypt32

winspool.drv

ntdll

userenv

msvcrt

kernel32

Sections

.text Size: 21KB - Virtual size: 20KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 21KB - Virtual size: 20KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.UPX0
Size: 108KB - Virtual size: 260KB