af6edbb26dc9c0ec611637eeb0961e74_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

af6edbb26dc9c0ec611637eeb0961e74_JaffaCakes118
Size

397KB
MD5

af6edbb26dc9c0ec611637eeb0961e74
SHA1

f9b32b7d76fbc4ca9c4829ed8cd8302b4c83d6d9
SHA256

ac4ef2a8e83e7c141d47c72d709d2db4a95418546e13e7a4f836b09034b8fa61
SHA512

1a5a47993c1df189bb02ca84f20e333ccbd569a08dbe1a1a7ad5d0cfa333149b3ed82f0eca7bcaad009f34f94f9015ec948fb4020189797cb4e1b002afd5366b
SSDEEP

12288:R51oDTfKoyG8X+9Kh+7re23FbvKotZ+lm:v1eTfVyG8X+9E+DFbvZH+lm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af6edbb26dc9c0ec611637eeb0961e74_JaffaCakes118

Files

af6edbb26dc9c0ec611637eeb0961e74_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9c6fe9bf53551bd41c2fb36d5bb07c14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetWindowPlacement
PostQuitMessage
EndDialog
GetParent
EnableWindow
ShowWindow
GetWindowRect
LoadBitmapA
CreateWindowExA
DestroyWindow
SendMessageA
GetWindowLongA
SetWindowLongA
CharLowerW
CheckDlgButton
MessageBoxA
wsprintfA
KillTimer
IsDlgButtonChecked
SetDlgItemTextA
GetClassInfoW
GetClassInfoA
DialogBoxParamW
DialogBoxParamA
GetWindowTextLengthW
GetWindowTextW
GetWindowTextLengthA
GetWindowTextA
SetWindowTextW
SetWindowTextA
CreateWindowExW
RegisterClassW
RegisterClassA
SendMessageW
LoadStringW
LoadStringA
AppendMenuW
InsertMenuItemA
InsertMenuItemW
SetMenuItemInfoA
SetMenuItemInfoW
GetMenuItemInfoA
GetMenuItemInfoW
SetFocus
CharLowerA
CharUpperW
CharUpperA
ClientToScreen
GetCursorPos
AppendMenuA
TrackPopupMenuEx
ScreenToClient
IsWindowEnabled
ChildWindowFromPointEx
WindowFromPoint
RegisterClipboardFormatA
PostMessageA
MessageBoxW
SetWindowLongW
InvalidateRect
UpdateWindow
SetTimer
MapVirtualKeyA
CallWindowProcW
CallWindowProcA
GetKeyState
GetSubMenu
CreatePopupMenu
RemoveMenu
CheckMenuRadioItem
CheckMenuItem
GetMenuItemCount
GetMenu
LoadMenuA
SetMenu
DrawMenuBar
DestroyMenu
GetDlgItem
MoveWindow
IsZoomed
GetClientRect
ReleaseCapture
SetCapture
GetCapture
DefWindowProcW
DefWindowProcA
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
DispatchMessageA
LoadIconA
LoadCursorA
GetWindowPlacement

oleaut32

SysAllocString
VariantClear
SysFreeString

advapi32

RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueExW
RegQueryValueExA
RegQueryValueExW
GetUserNameW
RegCreateKeyExA

shell32

SHGetFileInfoA
ShellExecuteExA
SHGetDesktopFolder
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA

ole32

OleInitialize
RegisterDragDrop
RevokeDragDrop
OleUninitialize
CoInitialize
DoDragDrop
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoTaskMemAlloc

comctl32

ord17
PropertySheetA
PropertySheetW
CreateToolbarEx
CreateStatusWindowW
ImageList_Destroy
InitCommonControlsEx
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create

mpr

WNetGetResourceInformationW
WNetAddConnection2W
WNetAddConnection2A
WNetGetResourceInformationA
WNetGetResourceParentW
WNetGetResourceParentA
WNetEnumResourceW
WNetEnumResourceA
WNetCloseEnum
WNetOpenEnumW
WNetOpenEnumA

gdi32

DeleteObject

comdlg32

GetOpenFileNameW
GetOpenFileNameA

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
_initterm
__set_app_type
__getmainargs
_acmdln
exit
_XcptFilter
wcslen
??1type_info@@UAE@XZ
__dllonexit
_onexit
_wcsicmp
_except_handler3
?terminate@@YAXXZ
__p__fmode
_controlfp
_exit
sprintf
strlen
__CxxFrameHandler
_CxxThrowException
memcmp
_purecall
memset
memmove
memcpy
wcscpy
strcpy
malloc
free
qsort
srand
rand
_iob
fopen
fclose
getc

kernel32

GetFileSize
CreateFileW
CreateFileA
GetLogicalDriveStringsW
GetLogicalDriveStringsA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindCloseChangeNotification
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindClose
GetTempFileNameW
GetTempFileNameA
GetTempPathW
GetTempPathA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetFullPathNameW
GetFullPathNameA
lstrlenA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
MoveFileW
MoveFileA
RemoveDirectoryW
RemoveDirectoryA
SetFileAttributesW
SetFileAttributesA
GetWindowsDirectoryW
GetWindowsDirectoryA
ReadFile
DeviceIoControl
FormatMessageW
SetFilePointer
LocalFree
GetModuleFileNameW
GetModuleFileNameA
LoadLibraryW
LoadLibraryExW
LoadLibraryExA
WideCharToMultiByte
MultiByteToWideChar
VirtualFree
VirtualAlloc
WaitForMultipleObjects
SetEvent
CreateProcessA
CreateProcessW
CompareFileTime
GlobalAlloc
GlobalFree
GlobalSize
GlobalLock
GlobalUnlock
CreateThread
CloseHandle
GetUserDefaultLangID
AreFileApisANSI
GetModuleHandleW
GetModuleHandleA
CopyFileA
WaitForSingleObject
FindNextChangeNotification
GetCompressedFileSizeW
GetDriveTypeA
GetCommandLineW
GetVersionExA
LoadLibraryA
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
WriteFile
GetVolumeInformationA
GetVolumeInformationW
GetDiskFreeSpaceA
GetCurrentProcess
FileTimeToSystemTime
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
Sleep
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetTickCount
FileTimeToLocalFileTime
lstrcatA
SetPriorityClass
GetStartupInfoA
FormatMessageA

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9c6fe9bf53551bd41c2fb36d5bb07c14

Headers

File Characteristics

Imports

user32

oleaut32

advapi32

shell32

ole32

comctl32

mpr

gdi32

comdlg32

msvcrt

kernel32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 8KB - Virtual size: 10KB

.rsrc Size: 40KB - Virtual size: 39KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 8KB - Virtual size: 10KB

.rsrc
Size: 40KB - Virtual size: 39KB

.UPX0
Size: 104KB - Virtual size: 252KB