aa285c7ec22799fbed1ebe17de91e7c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aa285c7ec22799fbed1ebe17de91e7c7_JaffaCakes118
Size

173KB
MD5

aa285c7ec22799fbed1ebe17de91e7c7
SHA1

1b76cdd3bb8e1fd7252292edccba3779dc2ad946
SHA256

08210fab414a3a21f0379acf6b544d16ed593cb894239d6e504c05277cd63900
SHA512

69786f5f18eed9eb63281cea524a31a37197f84e6c6699961f1c4b53aa521f8b0b6bf70755fcb2790aa493e1c23fc49abbac50c5b1263dcec5c84518a1511886
SSDEEP

3072:aebV0y1zHLaYAKG7Je1Fys5ST6k9MCRB4gOY2Btj4ZyQ0Y60v5nt/:3yEHLaYAxJedmlgU6e/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aa285c7ec22799fbed1ebe17de91e7c7_JaffaCakes118

Files

aa285c7ec22799fbed1ebe17de91e7c7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2476abb67cc5dfe6a061a0dc4b820189

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetLocaleInfoA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetOEMCP
GetACP
GetCPInfo
CreateEventA
CloseHandle
InitializeCriticalSection
HeapReAlloc
HeapAlloc
HeapDestroy
ReadFile
EnterCriticalSection
WaitForSingleObject
GetMailslotInfo
LeaveCriticalSection
SetEvent
DeleteFileA
CreateProcessA
WriteFile
CreateFileA
GetSystemDirectoryA
CreateThread
HeapCreate
CreateMailslotW
GetTickCount
lstrcpyA
GetVersion
DeviceIoControl
Sleep
FindClose
FindNextFileA
FindFirstFileA
GetTimeZoneInformation
HeapFree
GetProcessHeap
lstrlenA
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
GetTempFileNameA
GetModuleFileNameA
VirtualQuery
WideCharToMultiByte
SetLastError
GetModuleHandleA
GetVersionExA
lstrcpynA
DeleteCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcatA
SetEnvironmentVariableA
CompareStringW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
VirtualAlloc
VirtualFree
RaiseException
GetStdHandle
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetDateFormatA
GetTimeFormatA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CompareStringA

advapi32

RegCreateKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

gdiplus

GdipDrawImageRectI
GdipFree
GdipBitmapLockBits
GdipSetImagePalette
GdipGetImagePixelFormat
GdipCloneImage
GdipDrawImageI
GdipGraphicsClear
GdipGetImageGraphicsContext
GdiplusShutdown
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipDeleteGraphics
GdipAlloc
GdipBitmapUnlockBits

ole32

CoCreateGuid
CreateStreamOnHGlobal

user32

wsprintfA
DispatchMessageA
TranslateMessage
GetMessageA

ws2_32

WSAIoctl

wsock32

connect
select
__WSAFDIsSet
getsockopt
ioctlsocket
setsockopt
WSAGetLastError
WSAStartup
gethostbyname
recv
inet_addr
getsockname
gethostname
socket
closesocket
send
inet_ntoa
sendto
ntohs
htons

Exports

Exports

load
update_load

Sections

UPX0
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2476abb67cc5dfe6a061a0dc4b820189

Headers

File Characteristics

Imports

kernel32

advapi32

gdiplus

ole32

user32

ws2_32

wsock32

Exports

Exports

Sections

UPX0 Size: 168KB - Virtual size: 168KB

UPX2 Size: 1024B - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 168KB - Virtual size: 168KB

UPX2
Size: 1024B - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB