c00558bb545acd572fa5a340a00c2edc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c00558bb545acd572fa5a340a00c2edc_JaffaCakes118
Size

348KB
MD5

c00558bb545acd572fa5a340a00c2edc
SHA1

427ccdd0b99d78793d30fbbb862cf627d7f44878
SHA256

1cf8cb64bf5a7c643d831c8aa61acb29ef37b263a007803c694ea677f39ce0f7
SHA512

4009f5d4f0e48b6603ce1f5279347087f00215e8fb7c5476a32a96f48fc7952952ec28efe970539aa2569bb4d55445790d1c68edc22389c57ad288b480d4a559
SSDEEP

3072:W5IUSuZYD+9gh+Qrx2vl2UC/UwyJPsG0VSf9:rwO+qov0U6UwyJPs2f9

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c00558bb545acd572fa5a340a00c2edc_JaffaCakes118

Files

c00558bb545acd572fa5a340a00c2edc_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

c5241494524138d1c534460487b51ae3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
DisableThreadLibraryCalls
GetWindowsDirectoryA
lstrlenW
GetExitCodeThread
WaitForSingleObject
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
GetShortPathNameA
GetLastError
TerminateThread
FlushInstructionCache
GetCurrentProcess
FreeResource
GlobalHandle
LockResource
GlobalUnlock
GlobalLock
ExitThread
GetLocalTime
GetSystemDirectoryA
GetTickCount
LocalReAlloc
LocalSize
GetVersionExA
CreateDirectoryA
LocalAlloc
CreateFileA
WriteFile
CopyFileA
LoadLibraryA
GetProcAddress
OpenProcess
DeleteFileA
FreeLibrary
lstrcpynA
TerminateProcess
CloseHandle
lstrcmpiA
CreateThread
Sleep
GlobalFree
GlobalAlloc
lstrcmpA
lstrcpyA
lstrcatA
OutputDebugStringA
HeapDestroy
GetCurrentThreadId
LeaveCriticalSection
FormatMessageA
LocalFree
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
lstrlenA
MultiByteToWideChar

advapi32

RegCreateKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA

gdi32

CreateSolidBrush
DeleteDC
BitBlt
GetDIBits
SetBkColor
GetObjectA
DeleteObject
SetBkMode
SetTextColor
SelectObject
GetStockObject
Rectangle
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
DeleteMetaFile
CloseMetaFile
CreateRectRgnIndirect
SetWindowExtEx
SetWindowOrgEx
RestoreDC
CreateMetaFileA
SetViewportOrgEx
SaveDC
LPtoDP
CreateDCA
SetMapMode
SetViewportExtEx

msvcrt

free
realloc
malloc
srand
rand
_ftol
pow
strcmp
time
strchr
fopen
fwrite
fclose
strstr
_CxxThrowException
atoi
_ismbcdigit
_mbsnbcmp
strrchr
_mbscmp
_mbclen
vsprintf
_mbsrchr
memmove
_mbsinc
memset
_mbschr
__CxxFrameHandler
wcslen
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_itoa
_purecall
memcmp
_onexit
abs
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
sprintf
strlen

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CLSIDFromProgID
CreateDataAdviseHolder
OleInitialize
OleLockRunning
CLSIDFromString
StringFromCLSID
CreateOleAdviseHolder
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
OleUninitialize

oleaut32

rasapi32

RasEnumDevicesA
RasDialA
RasHangUpA
RasGetErrorStringA
RasSetEntryPropertiesA
RasGetEntryPropertiesA
RasGetConnectStatusA
RasEnumConnectionsA

shell32

ShellExecuteA

tapi32

lineNegotiateAPIVersion
lineInitialize
lineGetCallInfoA
lineOpenA
lineGetNewCalls
lineShutdown

urlmon

CreateURLMoniker

user32

CharUpperBuffA
GetDlgItem
GetSysColor
EnumWindows
GetSystemMetrics
GetDlgItemTextA
GetKeyState
PtInRect
GetDesktopWindow
GetWindowRect
FindWindowA
OpenClipboard
GetClipboardData
CloseClipboard
GetOpenClipboardWindow
GetDC
LoadStringA
CharLowerA
SetWindowTextA
EnableWindow
IsWindow
MessageBoxA
wsprintfA
EqualRect
OffsetRect
IsDialogMessageA
GetNextDlgTabItem
UnionRect
SendMessageA
GetClassNameA
GetWindow
GetParent
IsChild
GetFocus
SetWindowLongA
CreateDialogIndirectParamA
RegisterClassExA
LoadCursorA
GetClassInfoExA
EnumChildWindows
CharNextA
SetWindowRgn
InvalidateRgn
GetWindowTextA
GetWindowTextLengthA
ShowWindow
DrawTextA
SetTimer
KillTimer
DefWindowProcA
GetWindowThreadProcessId
DialogBoxParamA
MoveWindow
EndDialog
SetDlgItemTextA
SetActiveWindow
PostMessageA
IntersectRect
RegisterWindowMessageA
GetWindowLongA
RedrawWindow
SetWindowPos
InvalidateRect
SetCapture
ReleaseCapture
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
FillRect
BeginPaint
GetClientRect
SetFocus
EndPaint
ReleaseDC
CallWindowProcA

wininet

GetUrlCacheEntryInfoA
InternetSetOptionA
DeleteUrlCacheEntry

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ManageMC
Navigate
SpecialFunc

Sections

UPX0
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.avp
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5241494524138d1c534460487b51ae3

Headers

File Characteristics

Imports

kernel32

advapi32

gdi32

msvcrt

ole32

oleaut32

rasapi32

shell32

tapi32

urlmon

user32

wininet

Exports

Exports

Sections

UPX0 Size: 324KB - Virtual size: 324KB

.rsrc Size: 17KB - Virtual size: 20KB

.avp Size: 6KB - Virtual size: 8KB

UPX0
Size: 324KB - Virtual size: 324KB

.rsrc
Size: 17KB - Virtual size: 20KB

.avp
Size: 6KB - Virtual size: 8KB