ae835d775b99c5b3eb6d617548b0e788_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ae835d775b99c5b3eb6d617548b0e788_JaffaCakes118
Size

38KB
MD5

ae835d775b99c5b3eb6d617548b0e788
SHA1

ba3a8a67b2cbc72f8e8e9185b48debe851e81f9a
SHA256

c9477282dd94953ddf423b018eaa5ae3933f6dcd654486ea6628f846532fa302
SHA512

36b01a0834c97d66fb9316df3f48c4c5acbbb574d2673b08e7f03bb004086862a43f7fb7eed2b822a9c390b9ae9ef688a712b23d89da5f765882a8efe3bc8a1c
SSDEEP

768:72wkg1Yn1Xqt8KMOoIrgmdcJdDOmP73njnzekACbZrr:7/pYIt8KMOoItcemP73njnzekACbZ/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae835d775b99c5b3eb6d617548b0e788_JaffaCakes118

Files

ae835d775b99c5b3eb6d617548b0e788_JaffaCakes118
.dll windows:4 windows x86 arch:x86

2f055295227b1b3f6da2af3112495d8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

htons
inet_addr
socket
recv
send
connect
closesocket
WSACleanup
inet_ntoa
gethostbyname
WSAStartup

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathFileExistsA

msvcrt

_adjust_fdiv
_access
_initterm
free
_onexit
__dllonexit
rename
sscanf
fread
strchr
malloc
wcscmp
atoi
strncpy
strstr
remove
strncat
fopen
strtok
fgets
sprintf
fwrite
fclose
_stricmp

gdiplus

GdipLoadImageFromFile
GdipCloneImage
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdipGetImageEncoders
GdiplusStartup
GdipFree

netapi32

Netbios

mfc42

ord537
ord800

kernel32

GetLocalTime
GetModuleHandleA
CreateEventA
GetSystemDirectoryA
GetFileSize
ExitProcess
GlobalAlloc
GlobalLock
CreateFileA
WriteFile
GlobalUnlock
GlobalFree
FindNextFileA
FindFirstFileA
MultiByteToWideChar
CompareFileTime
Sleep
WaitForSingleObject
IsBadReadPtr
SetEvent
CloseHandle
CreateToolhelp32Snapshot
GetModuleFileNameA
Process32Next
TerminateProcess
OpenProcess
CreateThread
DeleteFileA
VirtualProtect
CopyFileA
LoadLibraryA
GetProcAddress
Process32First

user32

GetKeyboardState
MapVirtualKeyA
DrawTextA
FillRect
GetDC
ToAscii
ReleaseDC
GetWindowRect
GetDesktopWindow

gdi32

CreateFontA
DeleteDC
CreateDCA
GetDeviceCaps
GetObjectA
GetStockObject
SelectPalette
RealizePalette
GetDIBits
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetTextColor
CreateSolidBrush
SetBkMode
DeleteObject

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderPathA

Exports

Exports

COMResModuleInstance
UHbabNASBBAS

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 985KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UPX0
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.UPX1
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2f055295227b1b3f6da2af3112495d8c

Headers

File Characteristics

Imports

ws2_32

ole32

shlwapi

msvcrt

gdiplus

netapi32

mfc42

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 985KB

.UPX0 Size: 4KB - Virtual size: 3KB

.UPX1 Size: 11KB - Virtual size: 11KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 985KB

.UPX0
Size: 4KB - Virtual size: 3KB

.UPX1
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1KB - Virtual size: 1KB