b7e5c521f385d0d7c5d2280a582417c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b7e5c521f385d0d7c5d2280a582417c9_JaffaCakes118
Size

73KB
MD5

b7e5c521f385d0d7c5d2280a582417c9
SHA1

399c7ca39ecfeef827c8cd55da565521b4be3d4c
SHA256

0b0e8cbe8b2451b1617cbe7e673c846ce8b0a26cb3f3a44579c6e1f7c025db59
SHA512

ea2f86080fb3bf54621b6df1283310253b58c25f96e53e08d45557241f0be6c7f770a96da49dce47d3a5918fa3d6987dc8be202358084fb95b54e49ba5dc82e3
SSDEEP

768:we/5yXGZQDFR6Rhznu4jL+koTvDZMGHZdDS+eL3AS3JOLD0qBhBJConoLm5:weBwGk6sU+BT7ZMwSl3IDnBoonom

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7e5c521f385d0d7c5d2280a582417c9_JaffaCakes118

Files

b7e5c521f385d0d7c5d2280a582417c9_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

1f7cc7114e18f37500941606e2cfcf45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls
GetSystemInfo
HeapCreate
GetShortPathNameA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
LoadLibraryExA
lstrcmpiA
lstrcpynA
lstrlenA
lstrlenW
FindResourceA
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryA
lstrcatA
InterlockedIncrement
InterlockedDecrement
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
IsDBCSLeadByte
SizeofResource
LoadResource
DebugBreak
LockResource
CreateFileA
WriteFile
LeaveCriticalSection
InitializeCriticalSection
SetEndOfFile
CreateProcessA
HeapAlloc
HeapReAlloc
HeapFree
GetLastError
CloseHandle
GetVersionExA
lstrcpyA
GetTempFileNameA
GetTempPathA

advapi32

RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

gdi32

SetMapMode
CreateDCA
GetDeviceCaps
LPtoDP
SetViewportOrgEx
SaveDC
DeleteDC
SetWindowOrgEx
RestoreDC

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

user32

EndPaint
DefWindowProcA
IsChild
GetClassInfoExA
LoadCursorA
GetFocus
CreateWindowExA
CallWindowProcA
GetWindowLongA
SetWindowLongA
DestroyWindow
BeginPaint
GetClientRect
ReleaseDC
CharNextA
RegisterClassExA
wsprintfA
GetDC

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f7cc7114e18f37500941606e2cfcf45

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

ole32

oleaut32

user32

Exports

Exports

Sections

UPX0 Size: 60KB - Virtual size: 60KB

.rsrc Size: 5KB - Virtual size: 8KB

.avp Size: 2KB - Virtual size: 4KB

UPX0
Size: 60KB - Virtual size: 60KB

.rsrc
Size: 5KB - Virtual size: 8KB

.avp
Size: 2KB - Virtual size: 4KB