bc5d1a40a770a6767ac0226dc74a2698_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc5d1a40a770a6767ac0226dc74a2698_JaffaCakes118
Size

284KB
MD5

bc5d1a40a770a6767ac0226dc74a2698
SHA1

2c031e0304a3903a3bb65579919808f6c9a86657
SHA256

19272cd8a0f560c9bb87f9be407e6c5b0209ef70187ee2d06463fc2ff46204d5
SHA512

a0a53b411797c1f43a732a1f13b2a0456f202a4d8cbb3bd725ca47ee42a0c0e306dbc7eba61e2a3f150d73c88f45b0e4d999b9b21971ddbf2fc04297c59a1fa7
SSDEEP

6144:0sjl0bu+NxjV4tQhyHJfpdp8G5xOZ1sx1SCyUR++NZLo+zZR:Tjl0p99YJPp8G54+SRaL1zZR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bc5d1a40a770a6767ac0226dc74a2698_JaffaCakes118

Files

bc5d1a40a770a6767ac0226dc74a2698_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mobsync.pdb

Imports

msvcrt

__argc
__argv
toupper
_ftol
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
strncpy
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
wcscmp
_except_handler3

advapi32

RegQueryValueExW
RegQueryValueExA
RegEnumKeyW
RegEnumKeyA
RegOpenKeyExW
RegOpenKeyExA
GetUserNameW
GetUserNameA
RegCreateKeyExW
RegCreateKeyExA
RegSetValueExW
RegSetValueExA
RegCloseKey
OpenThreadToken
OpenProcessToken

kernel32

LocalReAlloc
GetStartupInfoA
GetModuleHandleA
lstrcpynA
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
CloseHandle
GetLastError
SetEvent
FormatMessageW
InitializeCriticalSection
CreateThread
GetCurrentProcess
SetEnvironmentVariableW
GetCurrentThread
GetSystemDefaultLangID
GetVersionExA
FileTimeToSystemTime
FileTimeToLocalFileTime
InterlockedExchange
MultiByteToWideChar
lstrlenA
DuplicateHandle
FreeLibrary
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteCriticalSection
LocalAlloc
LocalFree
TerminateThread
WideCharToMultiByte
GetUserDefaultLCID
AreFileApisANSI
IsBadReadPtr
SetLastError
LoadLibraryA
LoadLibraryW
CreateEventA
CreateEventW
GetDateFormatA
GetDateFormatW
GetTimeFormatA
GetTimeFormatW
FormatMessageA

gdi32

SetTextColor
GetTextExtentPointW
GetTextExtentPointA
CreateFontIndirectW
CreateFontIndirectA
SetBkColor
SelectObject
RestoreDC
DeleteObject
GetObjectA
SaveDC

user32

RegisterWindowMessageA
WinHelpW
WinHelpA
SetWindowTextW
SetWindowTextA
FindWindowW
FindWindowA
AttachThreadInput
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
PostMessageA
GetMessageA
wsprintfW
DestroyWindow
PostQuitMessage
SetWindowLongA
GetWindowLongA
LoadCursorA
LoadIconA
DefDlgProcA
DefDlgProcW
SendMessageA
SetFocus
EnableWindow
GetFocus
IsWindowEnabled
GetDlgItem
UpdateWindow
SetForegroundWindow
ShowWindow
SystemParametersInfoA
GetClientRect
GetSystemMetrics
SetWindowPos
MapWindowPoints
GetWindowRect
DrawAnimatedRects
EndPaint
DrawIcon
BeginPaint
InvalidateRect
SetTimer
KillTimer
IsWindowVisible
DrawFocusRect
FillRect
GetSysColor
ReleaseDC
SetRect
GetDC
RedrawWindow
CallWindowProcW
SetCursor
GetParent
GetUserObjectInformationW
GetThreadDesktop
GetProcessWindowStation
DefWindowProcA
DefWindowProcW
LoadStringA
LoadStringW
FindWindowExW
RegisterWindowMessageW
CreateWindowExA
CreateWindowExW
CreateDialogParamA
CreateDialogParamW
RegisterClassA
RegisterClassW
MessageBoxA
MessageBoxW
SendMessageW
DrawTextA
DrawTextW
FindWindowExA

ole32

CoRegisterClassObject
StringFromGUID2
CLSIDFromString
CoInitializeEx
CoRevokeClassObject
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ImageList_Create
ImageList_Draw
ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx

mobsync

RegGetSchedConnectionName
RegSetUserDefaults
RegGetSyncSettings
RegGetHandlerTopLevelKey
RegSchedHandlerItemsChecked
RegQueryLoadHandlerOnEvent
RegGetHandlerRegistrationInfo
RegGetSyncItemSettings
RegRemoveManualSyncSettings
RegSetSyncItemSettings
RegSetProgressDetailsState
RegGetProgressDetailsState
MobsyncGetClassObject
DisplayOptions
RegGetSchedSyncSettings

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e1d4718531a779a8d41d1fd888af078f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ole32

comctl32

mobsync

Sections

.text Size: 85KB - Virtual size: 85KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 53KB - Virtual size: 52KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 85KB - Virtual size: 85KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 53KB - Virtual size: 52KB

UPX0
Size: 144KB - Virtual size: 380KB