b973b2dc15132e714a7961f81a5f13fd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b973b2dc15132e714a7961f81a5f13fd_JaffaCakes118
Size

144KB
MD5

b973b2dc15132e714a7961f81a5f13fd
SHA1

6d695e91be33d0aaf5d8454ddd28b89220f4b662
SHA256

2a2eba57cf320aa9018d662fb0100dff3e1b3ad9f0e92af4f6160bf46c84ddea
SHA512

1b6759967a8fbc535932d84cdd5993fbcb4e8c47e30ccc820c7c61940702438b6aeb05f983ff5cb7adc809bb75ce2c177f3d19ede17a2be9383f0d7e8c505678
SSDEEP

3072:u+ATYES2HZ9M8vOpMtQCIRChcoCb0iKK6c9eHE8wqDYEIi75TpEDEJp0:HXEVHpmpMtQC6XPb0if9eHEFiq

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b973b2dc15132e714a7961f81a5f13fd_JaffaCakes118

Files

b973b2dc15132e714a7961f81a5f13fd_JaffaCakes118
.exe windows:6 windows x86 arch:x86

f730ec6ce6a80c53ffd4969e380af011

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ksetup.pdb

Imports

advapi32

LsaClose
LsaOpenPolicy
RegCloseKey
RegCreateKeyExW
RegConnectRegistryW
LsaQueryTrustedDomainInfoByName
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
LsaFreeMemory
LsaQueryInformationPolicy
LsaStorePrivateData
LsaSetInformationPolicy
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
LsaSetTrustedDomainInfoByName

kernel32

lstrcmpiW
GetLastError
GetModuleHandleW
SetConsoleMode
GetConsoleMode
GetStdHandle
lstrlenW
FormatMessageW
LoadLibraryW
GetSystemDirectoryW
LocalFree
LocalAlloc
GetComputerNameW
SetComputerNameExW
lstrcmpW
SetLastError
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
InterlockedExchange
Sleep
InterlockedCompareExchange
OutputDebugStringA
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetModuleHandleA
SetThreadUILanguage
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
WriteFile
HeapFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter

msvcrt

mbtowc
__mb_cur_max
isleadbyte
_snprintf
_itoa
ferror
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_controlfp
?terminate@@YAXXZ
malloc
fprintf
_iob
memset
fgetws
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_XcptFilter
_exit
_cexit
__wgetmainargs
_errno
wcsncmp
wcsstr
wcstoul
exit
wcschr
realloc
_wcsdup
_vsnprintf
iswalpha
iswupper
getchar
_vsnwprintf
fwprintf
_wsetlocale
isspace
_wcsicmp
printf
memcpy
free

netapi32

NetServerGetInfo
NetApiBufferFree
DsGetDcNameW

ntdll

RtlCompareUnicodeString
RtlInitString
RtlInitUnicodeString
RtlUnwind

user32

LoadStringW

wldap32

ord34
ord26
ord27
ord30
ord156
ord146
ord170
ord73
ord13
ord50
ord211
ord41

secur32

LsaConnectUntrusted
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.UPX0
Size: 108KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f730ec6ce6a80c53ffd4969e380af011

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

msvcrt

netapi32

ntdll

user32

wldap32

secur32

Sections

.text Size: 29KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

.UPX0 Size: 108KB - Virtual size: 260KB

.text
Size: 29KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

.UPX0
Size: 108KB - Virtual size: 260KB