af62a9ed6652fa8bf461eacc98d43f46_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af62a9ed6652fa8bf461eacc98d43f46_JaffaCakes118
Size

196KB
MD5

af62a9ed6652fa8bf461eacc98d43f46
SHA1

0012548c6d71dad01444f1446482b52aca6d221e
SHA256

8c13f6d5f8d66abfc93d0561e2c2e3d246d461a54136c58ed2d77c57097bdff4
SHA512

9a262557cdbc361f2cfe105a6619ccc4bfc6fe7f9e977fc920cdd9a8ccb6148d43f0818ef2339897bebfc995c43ba8d70a453e7c3cc4c8dc01b75b8c2a11fbbb
SSDEEP

768:bac8XHMGxBaYv+QtewanX/ysgeoeVmW+gVXATAGNgTyhi:eXH0YvHtewaX/ysYTiMB8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af62a9ed6652fa8bf461eacc98d43f46_JaffaCakes118

Files

af62a9ed6652fa8bf461eacc98d43f46_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e4047eb7f0e572aa47cc5a12431bb27f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateNamedPipeA
CreateProcessA
CreateThread
DeleteFileA
DeviceIoControl
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
ConnectNamedPipe
HeapAlloc
HeapFree
IsBadCodePtr
LoadLibraryA
LocalAlloc
LocalFree
LockFile
MapViewOfFile
OpenProcess
ReadFile
RtlZeroMemory
SetFilePointer
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CloseHandle
GetTickCount
TerminateThread
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateNamedPipeA
CreateProcessA
CreateThread
DeleteFileA
DeviceIoControl
ExitThread
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemDirectoryA
GetTempPathA
ConnectNamedPipe
HeapAlloc
HeapFree
IsBadCodePtr
LoadLibraryA
LocalAlloc
LocalFree
LockFile
MapViewOfFile
OpenProcess
ReadFile
RtlZeroMemory
SetFilePointer
Sleep
UnmapViewOfFile
VirtualAlloc
VirtualProtectEx
WaitForSingleObject
WideCharToMultiByte
_llseek
_lread
_lwrite
lstrcatA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
CloseHandle
GetTickCount
TerminateThread

advapi32

RegCloseKey
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegNotifyChangeKeyValue
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCreateKeyA

ole32

CoTaskMemFree

shell32

ShellExecuteA

user32

GetWindowTextA
GetForegroundWindow
GetDlgItemTextA
GetClassNameA
EnumChildWindows
CharLowerA
wsprintfA

wininet

InternetOpenA
InternetQueryDataAvailable
InternetReadFile
HttpOpenRequestA
InternetConnectA

ws2_32

Exports

Exports

lgn1216a

Sections

UPX0
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e4047eb7f0e572aa47cc5a12431bb27f

Headers

File Characteristics

Imports

kernel32

advapi32

ole32

shell32

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 188KB - Virtual size: 188KB

.rsrc Size: 1024B - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 188KB - Virtual size: 188KB

.rsrc
Size: 1024B - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB