b655607b86d4ced34a26a56ea6e82b54_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b655607b86d4ced34a26a56ea6e82b54_JaffaCakes118
Size

2.4MB
MD5

b655607b86d4ced34a26a56ea6e82b54
SHA1

1dabc65c168afdf3c370b573d51e8766387b5956
SHA256

26d73729c4364c9c932c0e16433194599e921381eed4c3f307e572fff9373647
SHA512

c3728f3d8063bbe2b21486fe2ac329039fa29728e003d118a412205e239d31fada59865d3b1134b17c41308a9c6f2dab3c1d836d98fecd9246e35c9fec7d8831
SSDEEP

49152:3NY2Lp1I6hTdL8atZ8kiA5gCk3CypgHVN:9YAp1I6hTdL59iCwSyu1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b655607b86d4ced34a26a56ea6e82b54_JaffaCakes118

Files

b655607b86d4ced34a26a56ea6e82b54_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b06461cbafd6b2e2bdfad6cb0a0d21b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
HeapFree
HeapAlloc
EnterCriticalSection
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetPrivateProfileStringA
CreateDirectoryA
GetModuleHandleA
WriteFile
GetComputerNameA
CreateFileA
Sleep
WaitNamedPipeA
GlobalFree
GlobalAlloc
ReadFile
GetTickCount
FormatMessageA
GetWindowsDirectoryA
WinExec
lstrcatA
WaitForMultipleObjects
GetSystemTime
GlobalUnlock
GlobalLock
GlobalMemoryStatus
CopyFileA
GetCurrentThreadId
QueryPerformanceCounter
FlushConsoleInputBuffer
GetStdHandle
FindClose
FindNextFileA
FindFirstFileA
LoadResource
FindResourceA
LockResource
lstrcmpA
lstrcmpiA
GlobalDeleteAtom
SetThreadPriority
SuspendThread
InterlockedIncrement
InterlockedDecrement
GlobalAddAtomA
GetPrivateProfileIntA
WritePrivateProfileStringA
GlobalFindAtomA
GlobalGetAtomNameA
DuplicateHandle
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
MoveFileA
GetVolumeInformationA
lstrcpynA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetFileAttributesA
GetTempFileNameA
SetFileTime
GetFileTime
GetDiskFreeSpaceA
MulDiv
lstrlenW
FileTimeToLocalFileTime
LocalUnlock
LocalLock
GlobalReAlloc
GlobalSize
GlobalFlags
SizeofResource
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetCurrentDirectoryA
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileSize
LocalFileTimeToFileTime
SystemTimeToFileTime
SetErrorMode
FindResourceExA
HeapReAlloc
RtlUnwind
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
TerminateProcess
CreateThread
ExitThread
RaiseException
SetStdHandle
GetFileType
GetACP
HeapSize
LCMapStringA
LCMapStringW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetHandleCount
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
LeaveCriticalSection
DeleteFileA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
VirtualFreeEx
FreeLibrary
GetVersionExA
lstrcpyA
SetLastError
lstrlenA
SetEvent
ResumeThread
GetCurrentThread
GetCurrentProcess
LocalAlloc
LocalFree
CreateEventA
WaitForSingleObject
CloseHandle
GetVersion
CreateMutexA
GetLastError
GetModuleFileNameA
InterlockedExchange
GetProfileStringA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
GetProcessHeap

advapi32

AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
CreateServiceA
LookupAccountSidA
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
DuplicateToken
OpenProcessToken
OpenThreadToken
EnumServicesStatusA
QueryServiceConfigA
DeleteService
EnumDependentServicesA
ControlService
OpenSCManagerA
OpenServiceA
StartServiceA
RegSetValueA
RegCreateKeyA
GetFileSecurityA
SetFileSecurityA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegDeleteKeyA
LookupAccountNameA
GetSidSubAuthority
FreeSid
QueryServiceStatus
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA
RegEnumValueA
RegEnumKeyA
IsTextUnicode
GetUserNameA
SetThreadToken
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
IsValidSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_SetBkColor
ImageList_GetIcon
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA

comdlg32

CommDlgExtendedError
FindTextA
ReplaceTextA
PrintDlgA
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

gdi32

CreateRectRgn
GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetCharWidthA
LPtoDP
StretchDIBits
CreateFontA
SetRectRgn
CombineRgn
GetNearestColor
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetTextAlign
GetBkMode
GetROP2
GetTextFaceA
GetWindowOrgEx
EnumFontFamiliesExA
PatBlt
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
GetTextExtentPoint32A
GetStockObject
GetObjectA
GetTextExtentPointA
CreateDIBitmap
GetCurrentPositionEx
SetTextAlign
LineTo
MoveToEx
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
GetBkColor
CreateSolidBrush
CreateCompatibleBitmap
CreatePen
GetDeviceCaps
DeleteDC
CreateDCA
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
Rectangle
DPtoLP
GetViewportOrgEx
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
SetAbortProc
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
CreateFontIndirectA

iphlpapi

GetUdpTable
GetTcpTable
SetIpNetEntry
DeleteIpForwardEntry
CreateIpForwardEntry
GetBestRoute
SendARP
GetIpForwardTable
GetIpAddrTable

mpr

WNetEnumResourceA
WNetAddConnection2A
WNetOpenEnumA
WNetCancelConnection2A
WNetCloseEnum
WNetGetUserA
WNetConnectionDialog1A

netapi32

NetUseEnum
NetLocalGroupEnum
NetGroupEnum
NetShareEnum
NetUserEnum
NetUserGetInfo
NetServerEnum
NetApiBufferFree

odbc32

ole32

CoTaskMemFree

oleaut32

packet

PacketSetReadTimeout
PacketGetNetType
PacketGetStats
PacketGetVersion
PacketGetAdapterNames
PacketSendPacket
PacketAllocatePacket
PacketInitPacket
PacketReceivePacket
PacketFreePacket
PacketCloseAdapter
PacketOpenAdapter
PacketSetHwFilter
PacketSetBuff
PacketSetBpf
PacketRequest

rasapi32

RasGetEntryPropertiesA
RasEnumEntriesA

rpcrt4

RpcStringFreeA
UuidToStringA

shell32

ShellExecuteA
SHGetFileInfoA
DragFinish
DragQueryFileA
ExtractIconA
Shell_NotifyIconA

user32

GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
DeferWindowPos
AdjustWindowRectEx
MapWindowPoints
wvsprintfA
CharUpperA
LoadAcceleratorsA
TranslateAcceleratorA
DestroyMenu
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
MapDialogRect
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetTabbedTextExtentA
IsClipboardFormatAvailable
FindWindowA
IsZoomed
AppendMenuA
DeleteMenu
LoadStringA
SetCursorPos
DrawMenuBar
DefMDIChildProcA
GetClassNameA
GetSysColorBrush
InvertRect
GetDCEx
CallWindowProcA
GetMenu
ModifyMenuA
GetDesktopWindow
MessageBeep
LoadCursorA
CopyIcon
GetWindowRect
GetParent
GetDC
ReleaseDC
InflateRect
GetSysColor
SetCursor
PtInRect
ReleaseCapture
InvalidateRect
SetCapture
GetClientRect
EnableMenuItem
IsWindow
SetWindowLongA
GetCursorPos
LoadMenuA
GetSubMenu
KillTimer
SetTimer
OemToCharA
EnumWindows
GetWindowLongA
EnumChildWindows
GetWindowThreadProcessId
SendMessageA
wsprintfA
MessageBoxA
DestroyCursor
SetScrollPos
RegisterHotKey
CharToOemA
GetTopWindow
IsChild
WinHelpA
GetPropA
GetClassInfoA
RegisterClassA
RemovePropA
GetMessageTime
GetForegroundWindow
RegisterWindowMessageA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
MoveWindow
GetDlgCtrlID
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
CheckMenuItem
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
CallNextHookEx
ValidateRect
SetWindowsHookExA
GetLastActivePopup
ShowOwnedPopups
PostMessageA
GetNextDlgTabItem
EndDialog
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
DrawEdge
FrameRect
CopyRect
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
IsRectEmpty
BeginDeferWindowPos
EndDeferWindowPos
SetRectEmpty
GetCapture
EqualRect
SetParent
WindowFromPoint
CreateCursor
GetAsyncKeyState
DrawIconEx
DestroyIcon
GetWindow
GetUpdateRect
ScreenToClient
IntersectRect
FillRect
LoadBitmapA
GetFocus
PeekMessageA
PostQuitMessage
SetForegroundWindow
RedrawWindow
IsWindowVisible
GetSystemMetrics
SystemParametersInfoA
GetSystemMenu
GetMessagePos
GetWindowDC
GetMenuItemCount
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
UpdateWindow
IsWindowUnicode
CharNextA
DefDlgProcA
DrawFocusRect
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
OffsetRect
LoadImageA
SetRect
LockWindowUpdate
LoadIconA
EnableWindow

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

wpcap

pcap_open_live
pcap_compile
pcap_close

ws2_32

WSASocketA
WSAIoctl

wsnmp32

Sections

UPX0
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b06461cbafd6b2e2bdfad6cb0a0d21b1

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

iphlpapi

mpr

netapi32

odbc32

ole32

oleaut32

packet

rasapi32

rpcrt4

shell32

user32

winspool.drv

wpcap

ws2_32

wsnmp32

Sections

UPX0 Size: 2.4MB - Virtual size: 2.4MB

.rsrc Size: 11KB - Virtual size: 12KB

.avc Size: 13KB - Virtual size: 16KB

UPX0
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 11KB - Virtual size: 12KB

.avc
Size: 13KB - Virtual size: 16KB