b0d59e6e8f874ce668eb6b461df4ef93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0d59e6e8f874ce668eb6b461df4ef93_JaffaCakes118
Size

213KB
MD5

b0d59e6e8f874ce668eb6b461df4ef93
SHA1

090a1b41438f747d1f7f4bfc7bf552be541a6329
SHA256

796ed868ae7521db25f5ce80d0b107141c9ff3386ac705e6d73b0728203f77e2
SHA512

9d26ca0a4abfef630c5cbc87cd94e81cc36ea46bf373a71df2006d741bc318edd2b27284261972d1f5f40d86cc1d78bb3665c8eca74ba799103d4744bd4185e6
SSDEEP

6144:+1iXyBJHF6fZXQ4PFadw+/5KsuvC4LjqRU8qqP:eiX8HF6mMa95KsuvCgj8U8qU

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0d59e6e8f874ce668eb6b461df4ef93_JaffaCakes118

Files

b0d59e6e8f874ce668eb6b461df4ef93_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ba2bb3557f7c74e1b31e60d4e2ffeef1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RegisterIEPKEYs.pdb

Imports

kernel32

GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetProcessHeap
HeapFree
VirtualQuery
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
TlsAlloc
GetLocalTime
HeapReAlloc
TlsSetValue
HeapAlloc
TlsGetValue
SetLastError
FormatMessageW
RaiseException
ExitProcess
TlsFree
GetWindowsDirectoryA
CloseHandle
GetCurrentThread
ReleaseMutex
WaitForSingleObject
SetFilePointer
WriteFile
GetModuleFileNameA
CreateMutexW
CreateFileW
GetModuleFileNameW
DeleteFileW
GetVersion
GetSystemInfo
CreateMutexA
CreateFileMappingA
CreateFileA
DeleteFileA
LoadLibraryA
ExpandEnvironmentStringsA
GetProcAddress
GetModuleHandleW
FlushFileBuffers
GetWindowsDirectoryW
MultiByteToWideChar
OutputDebugStringA
IsDebuggerPresent
GetTickCount
HeapCreate
HeapDestroy
DeviceIoControl
LocalAlloc
GetEnvironmentVariableW
WideCharToMultiByte
EncodePointer
DecodePointer
GetDriveTypeW
GetLogicalDrives
GetLogicalDriveStringsW
MoveFileExW
MoveFileW
CopyFileW
GlobalSize
GlobalFree
GlobalUnlock
GetCurrentProcessId
GlobalAlloc
HeapWalk
HeapValidate
HeapCompact
GlobalMemoryStatus
GetVersionExW
ResetEvent
CreateThread
WaitForMultipleObjects
CreateEventW
FreeLibrary
SetEvent
RemoveDirectoryW
GetTempFileNameW
ReadFile
CreateDirectoryW
DebugBreak
HeapSize
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindFirstFileW
FindNextFileW
FindClose
GetFullPathNameW
SetErrorMode
GetFileAttributesW
ExpandEnvironmentStringsW
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
Sleep
InterlockedExchange
DuplicateHandle
SetFileAttributesW
LocalFree
GetTempPathW
GetShortPathNameW
CreateProcessW
CreateProcessA
OpenProcess
GetVolumeInformationW
SetFileTime
SetEndOfFile
OpenEventW
GetComputerNameW
GetOverlappedResult
GetFileType
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
GetPrivateProfileStringW
LoadLibraryW
GetExitCodeProcess
GetLocaleInfoW
VirtualAlloc
VirtualFree
IsWow64Process
GlobalLock
GetCurrentThreadId
GetLastError
GetCommandLineW

msvcrt

wcschr
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
_controlfp
_unlock
__dllonexit
_lock
_onexit
_vsnprintf
_vsnwprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsrchr
__getmainargs
_wcsicmp
memset
__p__fmode
??1type_info@@UAE@XZ
_purecall
memcpy
iswctype
swscanf_s
_wtoi
wcstok
fclose
feof
fgetws
_wfopen
_wcsnicmp
free
towlower
malloc

shell32

CommandLineToArgvW
ord165
SHGetFolderPathW
ShellExecuteExW
ExtractIconExW

advapi32

RegDeleteKeyW
SetSecurityDescriptorOwner
RegSetKeySecurity
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptGetHashParam
CryptGenRandom
CryptDeriveKey
CryptHashData
CryptCreateHash
CryptAcquireContextW
SetSecurityInfo
GetSecurityInfo
IsValidSid
LookupAccountSidW
LookupAccountNameW
GetUserNameW
RegFlushKey
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegSetValueExW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
EqualSid
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetTokenInformation
OpenThreadToken
InitializeSecurityDescriptor
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegCreateKeyExW
RegUnLoadKeyW
RegLoadKeyW
RegQueryValueExW
SetNamedSecurityInfoW

dbghelp

MiniDumpWriteDump

oleaut32

VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime

ole32

CreateStreamOnHGlobal
GetHGlobalFromStream
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize

user32

UnregisterClassA
LoadIconW
MessageBoxA
MessageBoxW

shlwapi

PathRemoveFileSpecW
SHGetValueW

iphlpapi

GetIpAddrTable

ws2_32

inet_addr
inet_ntoa
htonl
htons
gethostname
gethostbyname
getsockopt
setsockopt
socket
bind
ioctlsocket
listen
shutdown
getsockname
recv
recvfrom
sendto
WSAGetLastError
WSACleanup
send
WSAStartup
connect
select
accept
WSAIoctl
__WSAFDIsSet
closesocket

Exports

Exports

??0?$CDynamicArray@EPAE@@QAE@I@Z
??0?$CDynamicArray@EPAUSKey@@@@QAE@I@Z
??0?$CDynamicArray@EPAUSValue@@@@QAE@I@Z
??0?$CDynamicArray@GPAG@@QAE@I@Z
??0?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z
??0?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z
??0?$CDynamicArray@_KPA_K@@QAE@I@Z
??1?$CDynamicArray@EPAE@@QAE@XZ
??1?$CDynamicArray@EPAUSKey@@@@QAE@XZ
??1?$CDynamicArray@EPAUSValue@@@@QAE@XZ
??1?$CDynamicArray@GPAG@@QAE@XZ
??1?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ
??1?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ
??1?$CDynamicArray@_KPA_K@@QAE@XZ
??4?$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z
??4?$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z
??A?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z
??A?$CDynamicArray@_KPA_K@@QAEAA_KI@Z
??B?$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ
??B?$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ
??B?$CDynamicArray@GPAG@@QBEPAGXZ
??C?$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ
??C?$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ
??_F?$CDynamicArray@EPAE@@QAEXXZ
??_F?$CDynamicArray@EPAUSKey@@@@QAEXXZ
??_F?$CDynamicArray@EPAUSValue@@@@QAEXXZ
??_F?$CDynamicArray@GPAG@@QAEXXZ
??_F?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ
??_F?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ
??_F?$CDynamicArray@_KPA_K@@QAEXXZ
?Add@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z
?Add@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z
?Add@?$CDynamicArray@_KPA_K@@QAEHAA_K@Z
?ElementAt@?$CDynamicArray@GPAG@@QAEAAGI@Z
?ElementAt@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z
?GetBuffer@?$CDynamicArray@EPAE@@QAEPAEI@Z
?GetBuffer@?$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z
?GetBuffer@?$CDynamicArray@GPAG@@QAEPAGI@Z
?GetSize@?$CDynamicArray@EPAE@@QBEIXZ
?GetSize@?$CDynamicArray@GPAG@@QBEIXZ
?GetSize@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ
?GetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ
?GetSize@?$CDynamicArray@_KPA_K@@QBEIXZ
?Init@?$CDynamicArray@EPAE@@IAEXI@Z
?Init@?$CDynamicArray@EPAUSKey@@@@IAEXI@Z
?Init@?$CDynamicArray@EPAUSValue@@@@IAEXI@Z
?Init@?$CDynamicArray@GPAG@@IAEXI@Z
?Init@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z
?Init@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z
?Init@?$CDynamicArray@_KPA_K@@IAEXI@Z
?RemoveAll@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ
?RemoveAll@?$CDynamicArray@_KPA_K@@QAEXXZ
?RemoveItemFromTail@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ
?SetSize@?$CDynamicArray@EPAE@@QAEHK@Z
?SetSize@?$CDynamicArray@EPAUSKey@@@@QAEHK@Z
?SetSize@?$CDynamicArray@EPAUSValue@@@@QAEHK@Z
?SetSize@?$CDynamicArray@GPAG@@QAEHK@Z
?SetSize@?$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z
?SetSize@?$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z
?SetSize@?$CDynamicArray@_KPA_K@@QAEHK@Z

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ba2bb3557f7c74e1b31e60d4e2ffeef1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

shell32

advapi32

dbghelp

oleaut32

ole32

user32

shlwapi

iphlpapi

ws2_32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 13KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 9KB - Virtual size: 9KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 13KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 9KB - Virtual size: 9KB

.UPX0
Size: 108KB - Virtual size: 260KB