b3786936daf74fa543e2e809c9ed34ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3786936daf74fa543e2e809c9ed34ff_JaffaCakes118
Size

331KB
MD5

b3786936daf74fa543e2e809c9ed34ff
SHA1

c43889cf60aaaa6b5368a4113ae9026cdc7cf841
SHA256

21e031632d6f968cda21ba88bff0e596b02d8470eff09f9405bb14c9d15478b2
SHA512

79f84f24747d01440b412093f0dad55d5962c76cc40c33cec6cf853190b062a1b24a39cbf45e89ba59c7ae4ec2df77ff24e38b68b0a7c256fe89c2dd1083e24a
SSDEEP

6144:OX2QjT0DE/GCV8eIzXTZq+9azw3+uH/37zR6m4vZACEa2xGxine+LFL:0jTbGeATZFAoH//R6m4hACEaTxinfLF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3786936daf74fa543e2e809c9ed34ff_JaffaCakes118

Files

b3786936daf74fa543e2e809c9ed34ff_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ae59a5d885d7cfe8351372f0813af96d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

FXSCOVER.pdb

Imports

advapi32

TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegSetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegOpenKeyExA

kernel32

GetModuleHandleA
GetProcAddress
MultiByteToWideChar
LoadLibraryW
FormatMessageW
CloseHandle
GetProfileStringW
LoadLibraryA
ExpandEnvironmentStringsA
HeapFree
HeapAlloc
GetProcessHeap
CreateDirectoryW
GetComputerNameW
OutputDebugStringW
GetVersionExW
GetVersion
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
lstrlenW
SetCurrentDirectoryW
LocalFree
GetLastError
GetWindowsDirectoryW
GetCommandLineW
GlobalUnlock
GlobalLock
GetLocaleInfoW
GetFileAttributesW
GetModuleFileNameW
GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetErrorMode
HeapSetInformation
LocalUnlock
LocalLock
LocalAlloc
SetLastError
MulDiv
GlobalFree
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
GlobalAlloc

gdi32

LPtoDP
GetObjectW
GetStockObject
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
GetCurrentObject
CreateCompatibleDC
CreateDCW
GetDeviceCaps
CreateEnhMetaFileW
CloseEnhMetaFile
GetEnhMetaFileBits
CreatePenIndirect
CreateBrushIndirect
CreateFontIndirectW
CreateEllipticRgnIndirect
CreatePolygonRgn
CreateRoundRectRgn
RectInRegion
GetViewportOrgEx
GetWindowOrgEx
Ellipse
Polygon
Rectangle
RoundRect
PatBlt
BeginPath
EndPath
WidenPath
DeleteObject
PathToRegion
EnumFontFamiliesW
CreatePen
CreateCompatibleBitmap
SetBrushOrgEx
DPtoLP
BitBlt

user32

SetRect
InflateRect
IntersectRect
EqualRect
InSendMessage
GetWindowDC
ReleaseDC
IsRectEmpty
RegisterWindowMessageW
LoadStringW
EnableWindow
LoadIconW
LoadCursorW
SendMessageW
MessageBoxW
SetWindowLongW
CopyRect
UnionRect
GetClientRect
InvalidateRect
CreateWindowExW
DestroyWindow
GetKeyState
GetSysColor
OffsetRect
DrawFocusRect
GetCapture
SetCapture
SetCaretPos
ReleaseCapture
SetCursor
CreatePopupMenu
AppendMenuW
ClientToScreen
ScreenToClient
UpdateWindow
CreateCaret
GetSysColorBrush
GetSystemMetrics
DestroyCaret
IsClipboardFormatAvailable
SystemParametersInfoW
GetWindowLongW
GetMessagePos
SetFocus
RegisterClipboardFormatW
GetFocus
GetWindowContextHelpId
WinHelpW
PostMessageW
IsIconic
GetParent
SetForegroundWindow
GetMenu
GetDlgItem
MoveWindow

mfc42u

ord5613
ord3102
ord2176
ord2177
ord3943
ord5726
ord1995
ord5192
ord5936
ord4689
ord788
ord800
ord815
ord540
ord561
ord3733
ord4418
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord5746
ord858
ord3442
ord3191
ord2810
ord5499
ord538
ord942
ord861
ord6343
ord4609
ord641
ord324
ord3592
ord4419
ord4621
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord2362
ord4229
ord941
ord940
ord4269
ord4209
ord4604
ord6399
ord860
ord2879
ord665
ord1971
ord3313
ord268
ord5180
ord354
ord1145
ord4155
ord6325
ord5193
ord5438
ord5568
ord2910
ord4199
ord4351
ord6065
ord2550
ord2627
ord986
ord5910
ord4154
ord2613
ord1202
ord6113
ord6567
ord1633
ord1868
ord5456
ord420
ord3263
ord4032
ord5952
ord5504
ord4639
ord2050
ord971
ord4956
ord4506
ord4486
ord4487
ord5016
ord4641
ord1722
ord4332
ord4339
ord4484
ord4663
ord4724
ord4997
ord4915
ord5100
ord5013
ord5648
ord2853
ord2950
ord2785
ord1773
ord4477
ord3293
ord5451
ord6391
ord2006
ord720
ord2385
ord969
ord4382
ord3136
ord5820
ord640
ord2397
ord3904
ord6017
ord323
ord4376
ord4548
ord5116
ord4557
ord5086
ord5121
ord5122
ord6928
ord1184
ord2793
ord2732
ord2854
ord2442
ord535
ord1875
ord734
ord715
ord4424
ord4617
ord6171
ord989
ord3449
ord4381
ord4853
ord4948
ord4415
ord5649
ord3167
ord5573
ord1739
ord5240
ord2502
ord6332
ord3060
ord3053
ord4691
ord3245
ord3782
ord3444
ord3440
ord5623
ord6340
ord3509
ord5018
ord3410
ord2985
ord4150
ord5747
ord4818
ord1258
ord5436
ord1081
ord5601
ord2753
ord5593
ord4016
ord4078
ord5616
ord1082
ord6077
ord4611
ord5706
ord1144
ord3437
ord4233
ord415
ord2238
ord3512
ord482
ord2644
ord5579
ord1662
ord922
ord3171
ord4124
ord4610
ord437
ord705
ord6379
ord3871
ord6190
ord406
ord2371
ord567
ord3605
ord3397
ord5286
ord1768
ord6051
ord656
ord1821
ord6195
ord879
ord882
ord4270
ord3658
ord6396
ord3621
ord2406
ord3688
ord1634
ord3568
ord3614
ord3701
ord4292
ord4128
ord4294
ord2034
ord2585
ord1093
ord4380
ord3216
ord3218
ord777
ord1863
ord613
ord289
ord4312
ord5784
ord1257
ord2386
ord2121
ord2556
ord2555
ord6005
ord5783
ord5871
ord4282
ord4279
ord3133
ord5785
ord6437
ord5977
ord6211
ord2859
ord1083
ord1984
ord501
ord773
ord3566
ord5781
ord3649
ord2576
ord4215
ord2430
ord1637
ord5506
ord3998
ord5228
ord1173
ord1561
ord5264
ord2719
ord2722
ord2721
ord6466
ord1127
ord6238
ord1897
ord3659
ord5819
ord1912
ord784
ord4426
ord1718
ord3743
ord5236
ord4954
ord4518
ord4523
ord4520
ord4537
ord4539
ord4525
ord4343
ord4335
ord4893
ord4583
ord5256
ord1230
ord4327
ord4474
ord603
ord1961
ord273
ord3169
ord5762
ord6127
ord6212
ord4364
ord738
ord3251
ord5878
ord2915
ord2004
ord2447
ord6266
ord2363
ord4502
ord996
ord2767
ord5031
ord3988
ord3971
ord786
ord5899
ord2957
ord1699
ord2453
ord430
ord519
ord1741
ord4037
ord1645
ord429
ord4607
ord5047
ord4608
ord4257
ord517
ord4883
ord4957
ord6185
ord2746
ord4018
ord4324
ord3792
ord3312
ord6336
ord2246
ord2153
ord3764
ord2167
ord2513
ord2508
ord3379
ord4846
ord4369
ord1651
ord2527
ord6188
ord6182
ord5790
ord4532
ord3351
ord3087
ord2291
ord2293
ord1197
ord1196
ord441
ord3672
ord4252
ord4224
ord2634
ord3090
ord2519
ord361
ord3615
ord915
ord4186
ord400
ord702
ord4442
ord4679
ord4670
ord4356
ord5082
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord616
ord4143
ord1834
ord5867
ord2486
ord2619
ord2618
ord5879
ord2112
ord5278
ord6819
ord4718
ord975
ord5275
ord4237
ord4263
ord807
ord554
ord3725
ord2436
ord5244
ord5058
ord6365
ord5230
ord1708
ord1703
ord5080
ord2381
ord4116
ord5467
ord4051
ord4360
ord2522
ord6150
ord3290
ord674
ord796
ord4421
ord5248
ord4430
ord1658
ord2641
ord5233
ord4072
ord4146
ord2873
ord2874
ord3398
ord5468
ord5006
ord3345
ord4298
ord4461
ord5097
ord5094
ord3054
ord2382
ord2715
ord3808
ord529
ord366
ord2072
ord5996
ord2109
ord4451

msvcrt

memcpy
_wtoi
_itow
_CIsin
_CIcos
_wtol
wcsncmp
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_CIatan2
_initterm
_amsg_exit
__setusermatherr
_vsnwprintf
_ftol2_sse
_ftol2
_CItan
_wcsdup
_CxxThrowException
??_U@YAPAXI@Z
_wcsupr
wcsstr
_wsplitpath_s
__p__commode
__p__fmode
__set_app_type
memset
??_V@YAXPAX@Z
__CxxFrameHandler3
_wcmdln
_controlfp
_except_handler4_common
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
wcstok
??1type_info@@UAE@XZ
wcschr
_wcsicmp
iswalpha

comdlg32

GetOpenFileNameW
GetSaveFileNameW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysFreeString

shell32

SHGetFolderPathAndSubDirW
SHSetLocalizedName
SHGetFolderPathW
SHGetFileInfoW
ShellAboutW
CommandLineToArgvW

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ae59a5d885d7cfe8351372f0813af96d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

mfc42u

msvcrt

comdlg32

ole32

oleaut32

shell32

Sections

.text Size: 148KB - Virtual size: 147KB

.data Size: 10KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 15KB - Virtual size: 15KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 148KB - Virtual size: 147KB

.data
Size: 10KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 15KB - Virtual size: 15KB

UPX0
Size: 144KB - Virtual size: 380KB