c079f0c4a06a49822d415944c05b8e16_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c079f0c4a06a49822d415944c05b8e16_JaffaCakes118
Size

385KB
MD5

c079f0c4a06a49822d415944c05b8e16
SHA1

2133a60c16764f9c121a12eefccdce5362f47a8e
SHA256

4942de0b6f118f098d500700676ce807f74801f000f299bc8b88cbfed350678c
SHA512

e07bb21cca89f78b1068fc26b32964b10a1323d1c1f90e15f575528f68125b53252c64a9ee0f225c0cdefce119af5eb871a2e57c27ff5ca34f56fe64344c5ebc
SSDEEP

6144:zT9wYBq34I/rYJD2g4NSYZPpO/h4n0z7RxT5yE6mbV6zxX:lPO4IEJ2UYZRkh40XRjyf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c079f0c4a06a49822d415944c05b8e16_JaffaCakes118

Files

c079f0c4a06a49822d415944c05b8e16_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cfe36144714e312cf9f42b4d955f099c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\proteus_2.0.2_Release\b1\obj\jaucheck\Release\jaucheck.pdb

Imports

shlwapi

PathIsURLA

wininet

InternetCloseHandle

urlmon

URLDownloadToFileA

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertCloseStore
CryptMsgClose
CryptQueryObject

kernel32

lstrlenA
CloseHandle
GetLastError
MultiByteToWideChar
GetTempPathA
CreateProcessA
WideCharToMultiByte
lstrlenW
CreateFileA
ReadFile
Sleep
lstrcmpA
IsValidLocale
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateMutexA
ExitProcess
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
GetModuleHandleA
HeapAlloc
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetTimeZoneInformation
WriteFile
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameA
GetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount

user32

wsprintfA

advapi32

CryptGetHashParam
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
RegSetValueExA
RegDeleteValueA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
CryptDestroyHash

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CLSIDFromString

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

cfe36144714e312cf9f42b4d955f099c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

shlwapi

wininet

urlmon

crypt32

kernel32

user32

advapi32

ole32

Sections

.text Size: 162KB - Virtual size: 161KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 11KB - Virtual size: 11KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 162KB - Virtual size: 161KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 11KB - Virtual size: 11KB

UPX0
Size: 144KB - Virtual size: 380KB