bb291a5129168618817fd04d28bb0cf7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb291a5129168618817fd04d28bb0cf7_JaffaCakes118
Size

201KB
MD5

bb291a5129168618817fd04d28bb0cf7
SHA1

c67e170cccc14485adc8d5954a63e50085524863
SHA256

61a90c31a1fb6343579a614f3e80515ed9e07dbffd1236be7a44b18c233c0b2e
SHA512

879c61765dd48a9a7cf533e656c4eb8f333e461e61e00cbc95d75a568893e40b3398482b7689b389888e3852f5c61c20bc1729f893b4c46ee1fc8f641d7b1887
SSDEEP

3072:JgTCnVlkHCSoX9fOrOYe+tHFNhvmbPSNWE1S/T84hezXaT:J4uk/KBOr9e09mbPSNWE1SI4C

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb291a5129168618817fd04d28bb0cf7_JaffaCakes118

Files

bb291a5129168618817fd04d28bb0cf7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7d75cf91167e263e1e864260b00750cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

PDB Paths

spoolsv.pdb

Imports

advapi32

RegisterServiceCtrlHandlerExW
OpenThreadToken
CheckTokenMembership
StartServiceCtrlDispatcherW
SetServiceStatus
RegQueryValueExW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AddAccessDeniedAce
GetAce
SetSecurityDescriptorDacl
GetSecurityDescriptorLength
MakeSelfRelativeSD
RegDisablePredefinedCache
RegOpenKeyExW
RegCloseKey

gdi32

bMakePathNameW
GdiInitSpool
GdiGetSpoolMessage

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetTickCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
QueryPerformanceCounter
GetModuleHandleW
GetCurrentProcess
GetSystemDirectoryW
FreeLibrary
InterlockedExchange
InitializeCriticalSection
ExitThread
CloseHandle
WaitForSingleObject
CreateEventW
CreateThread
ExitProcess
Sleep
OpenEventW
GetLastError
LoadLibraryA
LocalFree
LocalAlloc
SetEvent
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetCurrentThread
CreateFileW
CompareStringW
OpenProcess
InterlockedIncrement
RaiseException
InterlockedDecrement
GetProcAddress

msvcrt

_XcptFilter
_c_exit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
_except_handler3
wcsrchr
_stricmp
_wcsnicmp
wcslen
wcschr

ntdll

RtlValidRelativeSecurityDescriptor

rpcrt4

RpcServerRegisterIf2
I_RpcBindingInqTransportType
I_RpcBindingIsClientLocal
I_RpcSessionStrictContextHandle
RpcRaiseException
RpcImpersonateClient
RpcRevertToSelf
NdrServerCall2
RpcServerUseProtseqEpA
I_RpcSsDontSerializeContext
RpcMgmtSetServerStackSize
RpcServerListen

Exports

Exports

YDriverUnloadComplete
YEndDocPrinter
YFlushPrinter
YGetPrinter
YGetPrinterDriver2
YGetPrinterDriverDirectory
YReadPrinter
YSeekPrinter
YSetJob
YSetPort
YSplReadPrinter
YWritePrinter

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7d75cf91167e263e1e864260b00750cf

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

msvcrt

ntdll

rpcrt4

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 5KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 3KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 3KB

UPX0
Size: 144KB - Virtual size: 380KB