b32371d2ca5c3962ac28f6b1700d5626_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b32371d2ca5c3962ac28f6b1700d5626_JaffaCakes118
Size

212KB
MD5

b32371d2ca5c3962ac28f6b1700d5626
SHA1

9293167c9b15d484aaf22f9b4f0810aca1af055c
SHA256

242592aa3e79b3583e564ede1482bdcca50abe2f7105a689fbb7642dc0cf6444
SHA512

797a9579a9d989f306f5a372a6560d4f61285f02d5c2379b3419dd49b544061c4110f3acfe724766984516c4cea83f6dbb4d5024f67874b1c23b058ac411de28
SSDEEP

6144:Raj8uDRrCcCInKF/h1sIC9M/auOoL+38ZlPgvqr3IKJR6x8YcQxsKdsz+g:Rajt+BQKsTmOGEex6g3Xc2Yckg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b32371d2ca5c3962ac28f6b1700d5626_JaffaCakes118

Files

b32371d2ca5c3962ac28f6b1700d5626_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d5313d759516c136a937f39a2188909a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\depot\workscd\gdicache\Release\wkgdcach.pdb

Imports

wkwbl

?_WksHeapDestroy@@YAPAXPAX@Z
?_WksHeapAlloc@@YAPAXPAXKK@Z
?_WksHeapReAlloc@@YAPAXPAXKPAPAXK@Z
?_WksHeapCreate@@YAPAXKKK@Z
??3@YAXPAX0K@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPAGH@Z
?PwchFindWchInWz@MWblStrings@@SAPAGPBGG@Z
?CwchWzToDouble@MWblStrings@@SAHPBGPAN@Z
?OperatorNew@@YAPAXIPAXK@Z
??2@YAPAXIPAXK@Z
?OperatorDelete@@YAXPAX@Z

kernel32

GetTickCount
QueryPerformanceCounter
GetStartupInfoW
ExitProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
MulDiv
FreeLibrary
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
SetThreadPriority
Sleep
CreateThread
SetEvent
TerminateThread
ResumeThread
GetCurrentThreadId
MultiByteToWideChar
SizeofResource
LoadResource
GetCommandLineW
GetModuleHandleA
GetVersionExA

user32

TranslateMessage
GetDC
ReleaseDC
DestroyWindow

gdi32

DeleteDC
GetDeviceCaps
DeleteObject

advapi32

RegCloseKey

ole32

CoCreateInstance
StringFromGUID2
CoUninitialize
CoTaskMemRealloc
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

oleaut32

VariantClear
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VariantInit

wkwinuni

ord68
ord104
ord45
ord135
ord26
ord31
ord108
ord112
ord17
ord67
ord167
ord141
ord143
ord140
ord128
ord134
ord133
ord7
ord127
ord35
ord66
ord179
ord111
ord21
ord19
ord256
ord255
ord103
ord113
ord109
ord166
ord264

shlwapi

PathFindExtensionW

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr71

memcpy
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
_except_handler3
free
malloc
memset
memmove
__CxxFrameHandler
memcmp
_controlfp
__set_app_type
_purecall
_beginthreadex
wcsncpy
realloc
_resetstkoflw
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
?terminate@@YAXXZ
exit
_cexit
_XcptFilter
_exit
_c_exit

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d5313d759516c136a937f39a2188909a

Headers

File Characteristics

PDB Paths

Imports

wkwbl

kernel32

user32

gdi32

advapi32

ole32

oleaut32

wkwinuni

shlwapi

msvcp71

msvcr71

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 616B

.rsrc Size: 8KB - Virtual size: 4KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 616B

.rsrc
Size: 8KB - Virtual size: 4KB

UPX0
Size: 144KB - Virtual size: 380KB