ad99bef18b4eea4d971befc17a74668d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad99bef18b4eea4d971befc17a74668d_JaffaCakes118
Size

202KB
MD5

ad99bef18b4eea4d971befc17a74668d
SHA1

d1a106cc22c24025d76b478b5ba56626b6b50cd2
SHA256

237d8e23835ae9998ba857ef55f9337ac0699816110a1e2bd8ec8796dcba000d
SHA512

aadf4f20027659356ccf6e448d8414b06d2e679683a78209b76491ea52157d801667548d28a3f3f435ec03767a96c4db3e422d5210d91324c97533343dea58eb
SSDEEP

6144:aj5PcACebr+AqMX+CMsJ1hgdT9tYJq5cM1nHsvAj/rZIBeR44mpWrsTSyXdmuDWn:utcACebr+AqMX+CMsJ1hgdT9tYJq5cMV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad99bef18b4eea4d971befc17a74668d_JaffaCakes118

Files

ad99bef18b4eea4d971befc17a74668d_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f7b8cbe869a343f05f6a7a889e7b5a1d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

appidpolicyconverter.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_controlfp
_XcptFilter
toupper
_vsnwprintf_s
__RTDynamicCast
memcpy_s
_except_handler4_common
memmove_s
??0exception@@QAE@ABQBD@Z
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
malloc
free
_CxxThrowException
wcsstr
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_purecall
wcstol
_wtoi
exit
_ui64tow_s

ntdll

EtwTraceMessage
EtwGetTraceEnableFlags
EtwEventRegister
EtwEventWrite
EtwEventUnregister
RtlNtStatusToDosErrorNoTeb
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel

api-ms-win-core-localregistry-l1-1-0

RegDeleteTreeW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW

slc

SLGetWindowsInformationDWORD

kernel32

InterlockedDecrement
GetCurrentProcess
TerminateProcess
CreateBoundaryDescriptorW
GetCurrentThreadId
GetTickCount
CreateMutexExW
WaitForSingleObject
HeapSetInformation
SleepEx
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedIncrement
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
DeleteBoundaryDescriptor
GetSystemTimeAsFileTime
UnhandledExceptionFilter
QueryPerformanceCounter
GetProcAddress
DelayLoadFailureHook
LocalFree
GetLastError
CloseHandle
DeviceIoControl
CreateFileW
ClosePrivateNamespace
GetCurrentProcessId
ReleaseMutex

appidapi

AppIDEncodeAttributeString
AppIDFreeAttributeString

rpcrt4

UuidToStringW
UuidFromStringW
RpcStringFreeW

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f7b8cbe869a343f05f6a7a889e7b5a1d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

api-ms-win-core-localregistry-l1-1-0

slc

kernel32

appidapi

rpcrt4

Sections

.text Size: 78KB - Virtual size: 78KB

.data Size: 3KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 78KB - Virtual size: 78KB

.data
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.UPX0
Size: 108KB - Virtual size: 260KB