b4a7aa26039895a634dcad0f032e83f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b4a7aa26039895a634dcad0f032e83f5_JaffaCakes118
Size

392KB
MD5

b4a7aa26039895a634dcad0f032e83f5
SHA1

0e0b7d48b9f1b099c43072412738dc4a9145f07b
SHA256

cbd07c24d481cbccbf6394222d364f52f7ff128dbb96b728f8e33cb5ccc2b81f
SHA512

e754b91d4f040686b5a2ab457fcbf42f9d7760c6c00645f1b71277978324053cb3021405e6a7cf2568a9656e96a3e1ef4f199efd5181c31a001907b4c1ab62cc
SSDEEP

6144:8dpAcSM0/Yoj8clRDvO4SIA1AT+UBiPVCi55bdbP9GwCUKMCux:84M0/3bDvJAmTs9C+hGaCk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4a7aa26039895a634dcad0f032e83f5_JaffaCakes118

Files

b4a7aa26039895a634dcad0f032e83f5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

084cb2f88f8b1a6223890f082cd1b91c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

hskin

TVP_AddFilterHook
TVP_Quit
TVP_SetMainWindow
TVP_InitSkin
TVP_CanFilter

tvpskin

??1CSkinDialog@@UAE@XZ
?LeftButtonDown@CSkinDialog@@UAEXVCString@@HH@Z
?MouseMoved@CSkinDialog@@UAEXVCString@@HH@Z
?ClickText@CSkinDialog@@UAEXH@Z
?TextClicked@CSkinDialog@@UAEXVCString@@@Z
?ChangeTrack@CSkinDialog@@UAEXHII@Z
?TrackChange@CSkinDialog@@UAEXVCString@@II@Z
?PressButton@CSkinDialog@@UAEXH@Z
?ButtonPressed@CSkinDialog@@UAEXVCString@@@Z
?ProgresChanged@CSkinDialog@@UAEXVCString@@@Z
??0CSkinDialog@@QAE@IPAVCWnd@@@Z
?messageMap@CSkinDialog@@1UAFX_MSGMAP@@B
?SptUpdate@CSkinDialog@@QAEXHPAN@Z
?SptSetYRange@CSkinDialog@@QAEXHH@Z
?SetPageSize@CSkinDialog@@QAEXPBDH@Z
?SetPos@CSkinDialog@@QAEXPBDH@Z
?SetRange@CSkinDialog@@QAEXPBDHH@Z
?LoadMainwndSkin@CSkinDialog@@QAEHPBD0PAVCWnd@@@Z
?OnInitDialog@CSkinDialog@@MAEHXZ
?OnPaint@CSkinDialog@@IAEXXZ
?SetText@CSkinDialog@@QAEHPBD0@Z
?SptSetGraphType@CSkinDialog@@QAEXH@Z
?GetPos@CSkinDialog@@QAEHPBD@Z
?SetButtonCheck@CSkinDialog@@QAEHPBDH@Z
?FreeMainwnd@CSkinDialog@@QAEXXZ
?Setup@CSkinDialog@@MAEXAAVCBitmap@@@Z

mfc42

ord556
ord567
ord825
ord3663
ord3626
ord2414
ord5785
ord4275
ord4284
ord2379
ord2405
ord5053
ord5981
ord2864
ord800
ord3874
ord540
ord5788
ord283
ord5875
ord2859
ord1641
ord1640
ord6880
ord1146
ord2122
ord4160
ord6358
ord1088
ord823
ord1168
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord641
ord324
ord2302
ord4234
ord2642
ord3092
ord4853
ord3803
ord801
ord4224
ord668
ord2770
ord924
ord356
ord535
ord541
ord860
ord4710
ord5861
ord5572
ord2915
ord537
ord2818
ord858
ord6143
ord6648
ord6283
ord6282
ord2764
ord1907
ord2582
ord4402
ord3370
ord3640
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord768
ord489
ord693
ord4258
ord6907
ord3998
ord3996
ord323
ord3721
ord3619
ord795
ord6215
ord2860
ord6199
ord3873
ord3797
ord3089
ord4171
ord4278
ord6662
ord941
ord4129
ord5683
ord5710
ord1200
ord1232
ord1153
ord1140
ord925
ord6888
ord6874
ord3716
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord790
ord616
ord2754
ord2294
ord2362
ord2358
ord2301
ord2516
ord361
ord6334
ord6111
ord2513
ord293
ord4694
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord4622
ord3738
ord815
ord561
ord2621
ord1134
ord5289
ord4698
ord2725
ord2863
ord1576
ord470
ord6311
ord3499
ord2515
ord355
ord926
ord922
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord2528
ord2086
ord2380
ord939
ord5148
ord4204
ord3452
ord3181
ord2781
ord1908
ord3398
ord3733
ord1690
ord5288
ord4439
ord2054
ord4431
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord810
ord771
ord497
ord4259
ord5849
ord3287
ord2881
ord6008
ord4000
ord4715
ord1008
ord3693
ord2566
ord5787
ord5768
ord2152
ord5440
ord6383
ord5450
ord6394
ord609
ord809
ord640
ord3571
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord4299
ord755

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
time
srand
_mbscmp
atoi
sprintf
_stricmp
_setmbcp
__CxxFrameHandler
_ftol
atol

kernel32

GlobalLock
lstrlenA
GlobalUnlock
GlobalFree
WritePrivateProfileStringA
GetPrivateProfileStringA
GetLogicalDriveStringsA
GetDriveTypeA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReleaseMutex
GetLastError
CreateMutexA
lstrcmpA
lstrcpyA
MulDiv
GetCommandLineA
SetCurrentDirectoryA
Sleep
GetModuleHandleA
GetStartupInfoA
GetPrivateProfileIntA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
GetProcAddress
GlobalAlloc
CloseHandle
GetModuleFileNameA

user32

LoadCursorA
SetWindowLongA
LoadIconA
SetForegroundWindow
BringWindowToTop
ShowWindow
FindWindowExA
LoadAcceleratorsA
EnableMenuItem
TrackPopupMenuEx
AppendMenuA
GetSystemMenu
DrawIcon
IsIconic
KillTimer
SetTimer
AdjustWindowRect
GetDesktopWindow
GetCursorPos
TranslateAcceleratorA
ScreenToClient
DeleteMenu
RedrawWindow
InsertMenuA
wsprintfA
CreatePopupMenu
CheckMenuItem
LockWindowUpdate
SetParent
GetClassNameA
MapWindowPoints
GetWindow
TabbedTextOutA
DrawTextA
GrayStringA
EndPaint
BeginPaint
PostMessageA
ClientToScreen
WindowFromPoint
GetActiveWindow
InvalidateRect
SetCursor
GetParent
ReleaseCapture
SetCapture
GetSystemMetrics
SystemParametersInfoA
IsWindowVisible
PtInRect
GetCapture
MoveWindow
EnableWindow
LoadMenuA
GetDC
ReleaseDC
GetClientRect
GetSysColor
OffsetRect
GetWindowRect
GetMenuItemCount
GetSubMenu
GetNextDlgTabItem
SendMessageA
GetWindowLongA
GetMenu

gdi32

CreateSolidBrush
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
Rectangle
CreateFontA
GetCurrentObject
GetTextMetricsA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontIndirectA
GetObjectA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetStockObject
DeleteObject
BitBlt

advapi32

RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegCreateKeyA
RegQueryValueA

shell32

ShellExecuteA
DragFinish
ShellExecuteExA
DragQueryFileA

comctl32

_TrackMouseEvent

Sections

.text
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.UPX
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

084cb2f88f8b1a6223890f082cd1b91c

Headers

File Characteristics

Imports

hskin

tvpskin

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 92KB - Virtual size: 88KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 12KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 14KB

.UPX Size: 240KB - Virtual size: 240KB

.text
Size: 92KB - Virtual size: 88KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 12KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 14KB

.UPX
Size: 240KB - Virtual size: 240KB