b451b8e2dc592fffccc76f95393b1a68_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b451b8e2dc592fffccc76f95393b1a68_JaffaCakes118
Size

372KB
MD5

b451b8e2dc592fffccc76f95393b1a68
SHA1

bd22d380db6c57925e94d97909a7ee09e32b4a16
SHA256

55755256e039ed8289b7a687120166ec726505bffccb236e143bbd00ffc52516
SHA512

bbe2752f501aec4fd2e97864ca1527d96200ccfb7555aae4d5df009425e5e582563789588bbf744748e87fcc0cd411b115e2dd3d8e07f350c7ac69c507cc3994
SSDEEP

3072:PcTnhgzS7ueGVYCWymYexdM3PwIqOoyzxqCcSm29+lKlI87h2M+S3vhJAJVWw8Wa:9OPFYViOo2ECQuLI8wM+S3S1OFUOB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b451b8e2dc592fffccc76f95393b1a68_JaffaCakes118

Files

b451b8e2dc592fffccc76f95393b1a68_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eff3f2e83f0700918ba1361cb0a7a11c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mfc80u

ord1591
ord4274
ord4716
ord3397
ord5208
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord6721
ord1573
ord2027
ord1318
ord1117
ord3080
ord776
ord4948
ord3662
ord3546
ord516
ord4256
ord1513
ord4276
ord4714
ord5207
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4574
ord4884
ord4730
ord4207
ord5178
ord4184
ord4838
ord4611
ord4791
ord5064
ord5065
ord6744
ord718
ord3661
ord1086
ord2366
ord5066
ord1118
ord896
ord2161
ord4861
ord587
ord572
ord3158
ord4255
ord2985
ord5210
ord4226
ord1536
ord2077
ord1785
ord5698
ord620
ord591
ord3165
ord4228
ord1538
ord2080
ord4092
ord1474
ord1922
ord3189
ord1476
ord6063
ord2651
ord3756
ord741
ord657
ord3311
ord4234
ord1582
ord2086
ord3223
ord4231
ord1561
ord2082
ord4093
ord1475
ord1924
ord6262
ord1388
ord1176
ord1178
ord605
ord265
ord3249
ord1172
ord5316
ord6282
ord5327
ord6293
ord2155
ord6232
ord282
ord899
ord5398
ord2460
ord2461
ord354
ord5956
ord5199
ord4729
ord3635
ord3314
ord3092
ord2740
ord2747
ord2744
ord2116
ord5626
ord5873
ord2904
ord5325
ord6291
ord4054
ord6211
ord917
ord2305
ord2465
ord5343
ord380
ord3195
ord2696
ord2697
ord5489
ord1472
ord2468
ord4100
ord5342
ord6284
ord629
ord1430
ord5319
ord5083
ord384
ord1198
ord1049
ord757
ord1121
ord566
ord3327
ord4475
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord2239
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord4206
ord5712
ord5711
ord1894
ord631
ord3925
ord2742
ord2279
ord2271
ord287
ord386
ord1782
ord1765
ord1883
ord4743
ord709
ord501
ord1906
ord5524
ord4101
ord630
ord3082
ord2012
ord385
ord745
ord557
ord2121
ord3990
ord5705
ord860
ord290
ord900
ord5558
ord894
ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1512
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord6111
ord2895
ord1479
ord870
ord5485
ord2261
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4266
ord526
ord3126
ord977
ord721
ord4577
ord4026
ord1058
ord2365
ord3547
ord3198
ord3204
ord1925
ord1720
ord266
ord762
ord1079
ord2311
ord774
ord556
ord5091
ord6306
ord1443
ord744
ord293
ord2310
ord283
ord280
ord577
ord764
ord3927
ord3176
ord6700
ord2893
ord3677

msvcr80

memset
memcpy_s
_wtol
memcpy
fgets
_CxxThrowException
wcschr
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__dllonexit
_lock
_onexit
__CxxFrameHandler3
malloc
free
_decode_pointer
?terminate@@YAXXZ
__set_app_type
_unlock

kernel32

DeleteFileW
RemoveDirectoryW
lstrlenW
lstrcpyW
WideCharToMultiByte
GetACP
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
InterlockedIncrement
GetVersionExW
LoadLibraryW
GetProcAddress
lstrcpynW
InterlockedDecrement
LocalFree
GetLastError
FindClose
FindFirstFileW
GetWindowsDirectoryW
GetSystemDirectoryW
CreateDirectoryW
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocaleInfoA
GetTempPathW
GetVersionExA
lstrlenA
GetThreadLocale

user32

AppendMenuW
GetSystemMenu
SendMessageW
LoadIconW
EnableWindow
GetParent
SetForegroundWindow
PostMessageW
GetSystemMetrics
GetClientRect
IsIconic
DrawIcon
PeekMessageW

advapi32

GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteW

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveExtensionW

ole32

CoCreateInstance
OleRun
CLSIDFromProgID

oleaut32

VariantClear
VariantInit
VariantCopy
SysAllocStringByteLen
SysFreeString
SysAllocString
GetErrorInfo
SysStringByteLen
VariantChangeType

bcgcbpro951u80

?PreInitDialog@CBCGPDialog@@MAEXXZ
?PreTranslateMessage@CBCGPDialog@@UAEHPAUtagMSG@@@Z
?OnCommand@CBCGPDialog@@MAEHIJ@Z
?GetRuntimeClass@CBCGPDialog@@UBEPAUCRuntimeClass@@XZ
??0CBCGPDialog@@QAE@IPAVCWnd@@@Z
?ReloadWindowPlacement@CBCGPWorkspace@@MAEHPAVCFrameWnd@@@Z
?StoreWindowPlacement@CBCGPWorkspace@@MAEHABVCRect@@HH@Z
?LoadWindowPlacement@CBCGPWorkspace@@MAEHAAVCRect@@AAH1@Z
?SaveCustomState@CBCGPWorkspace@@MAEXXZ
?PreSaveState@CBCGPWorkspace@@MAEXXZ
?LoadCustomState@CBCGPWorkspace@@MAEXXZ
?PreLoadState@CBCGPWorkspace@@MAEXXZ
?OnClosingMainFrame@CBCGPWorkspace@@MAEXPAVCBCGPFrameImpl@@@Z
?OnSelectSkin@CBCGPWorkspace@@UAEXXZ
?OnBCGPIdle@CBCGPWorkspace@@UAEHPAVCWnd@@@Z
?OnAppContextHelp@CBCGPWorkspace@@UAEXPAVCWnd@@QBK@Z
?ShowPopupMenu@CBCGPWorkspace@@UAEHIABVCPoint@@PAVCWnd@@@Z
?OnViewDoubleClick@CBCGPWorkspace@@UAEHPAVCWnd@@H@Z
?SaveState@CBCGPWorkspace@@UAEHPB_WPAVCBCGPFrameImpl@@@Z
?CleanState@CBCGPWorkspace@@UAEHPB_W@Z
?LoadState@CBCGPWorkspace@@UAEHPB_WPAVCBCGPFrameImpl@@@Z
?OnAfterDownloadSkins@CBCGPWorkspace@@UAEXABV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??0CBCGPWorkspace@@QAE@H@Z
??1CBCGPWorkspace@@UAE@XZ
?BCGCBProCleanUp@@YAXXZ
?BCGCBProSetResourceHandle@@YAXPAUHINSTANCE__@@@Z
?DoModal@CBCGPDialog@@UAEHXZ
??1CBCGPDialog@@UAE@XZ
?GetThisMessageMap@CBCGPDialog@@KGPBUAFX_MSGMAP@@XZ

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX0
Size: 104KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

eff3f2e83f0700918ba1361cb0a7a11c

Headers

File Characteristics

Imports

version

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

shlwapi

ole32

oleaut32

bcgcbpro951u80

Sections

.text Size: 76KB - Virtual size: 75KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 152KB - Virtual size: 152KB

.UPX0 Size: 104KB - Virtual size: 252KB

.text
Size: 76KB - Virtual size: 75KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 152KB - Virtual size: 152KB

.UPX0
Size: 104KB - Virtual size: 252KB