bbdbdb744b852cb06d172dc93c736d16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bbdbdb744b852cb06d172dc93c736d16_JaffaCakes118
Size

183KB
MD5

bbdbdb744b852cb06d172dc93c736d16
SHA1

8d4513f381a4ca4484bc129fd1313a815a8e4b24
SHA256

87fb95ff3c73275b99589cac8907f0c68b4f26f6a5f0cdac8a15bf19732df59b
SHA512

8cb0e5c4be74a48c2cf5be8fdacffdf29b492b5bf5aaf4b872ef01a7c4d15a45c09fdf2f4ba39b7abb0632efc086d32ca50c6102009c59c4f32ff73ef18e6095
SSDEEP

3072:djupoTRc7cYbvW6gXTR++KUT8sUbR9VbBEh9J4scTHxK:djupoTi7tbW6gjgbUT8ft9VlEQHxK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bbdbdb744b852cb06d172dc93c736d16_JaffaCakes118

Files

bbdbdb744b852cb06d172dc93c736d16_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

4ec47f764f302c71ed01ad5b299dba75

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FindFirstFileA
FindNextFileA
MulDiv
GetVersionExA
GetVersion
GetLastError
lstrcmpA
FreeLibrary
lstrcpynA
lstrcpyA
lstrcatA
LoadLibraryA
GetProcAddress
WriteFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CreateThread
ResumeThread
GetWindowsDirectoryA
lstrlenA
GetSystemDirectoryA
GetUserDefaultLangID
OpenFile
CreateFileA
GetFileSize
ReadFile
CloseHandle
Sleep
CopyFileA
GetModuleFileNameA
DeleteFileA
GetLocaleInfoA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegEnumKeyExA
RegDeleteValueA

crypt32

CertOpenSystemStoreA
CertCloseStore

gdi32

GetDeviceCaps
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateSolidBrush
SetTextColor
SetBkColor
BitBlt

mfc42

msvcrt

fopen
_ftol
rand
__CxxFrameHandler
??1type_info@@UAE@XZ
_strcmpi
_wcsicmp
_strlwr
_CxxThrowException
atoi
_mbscmp
free
sprintf
realloc
strstr
printf
asctime
localtime
__dllonexit
_onexit
_except_handler3
srand
?terminate@@YAXXZ
_initterm
malloc
atof
time
fclose
fputs
_adjust_fdiv

ole32

CoInitialize
CoCreateInstance

oleaut32

olepro32

shell32

ShellExecuteA

shlwapi

SHDeleteKeyA

user32

FindWindowExA
CallWindowProcA
SetWindowLongA
SetForegroundWindow
GetDlgItemTextA
MessageBoxW
MessageBoxA
GetParent
PostMessageA
IsWindow
SetWindowTextA
EndDialog
SendMessageA
GetDlgItem
ShowWindow
SetDlgItemTextA
ReleaseDC
ScreenToClient
ClientToScreen
GetCursorPos
GetDesktopWindow
GetWindowRect
SetWindowPos
IsCharAlphaNumericA
wsprintfA
EnableWindow
GetSystemMetrics
DialogBoxParamA
GetDC
GetWindowDC

wininet

FtpFindFirstFileA
InternetWriteFile
FtpCreateDirectoryA
InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
FtpOpenFileA
InternetFindNextFileA
InternetOpenUrlA
InternetReadFile

ws2_32

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

UPX0
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4ec47f764f302c71ed01ad5b299dba75

Headers

File Characteristics

Imports

kernel32

advapi32

crypt32

gdi32

mfc42

msvcrt

ole32

oleaut32

olepro32

shell32

shlwapi

user32

wininet

ws2_32

Exports

Exports

Sections

UPX0 Size: 176KB - Virtual size: 176KB

.rsrc Size: 3KB - Virtual size: 4KB

.avc Size: 3KB - Virtual size: 4KB

UPX0
Size: 176KB - Virtual size: 176KB

.rsrc
Size: 3KB - Virtual size: 4KB

.avc
Size: 3KB - Virtual size: 4KB