c81bf77d0941bcd625fff5d2b4f77c0a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c81bf77d0941bcd625fff5d2b4f77c0a_JaffaCakes118
Size

231KB
MD5

c81bf77d0941bcd625fff5d2b4f77c0a
SHA1

261a63eab2396cfca185fda2c97bd754c754371c
SHA256

ac14462fa87372c433c4b9b599b01a9c4cdb146e048489be429831d4bc763a58
SHA512

c0eb23ac896e3e2eed4f5a110325418b79c34d9b97a1ae9ab77f82abccbca8901735d6723294a4b856b637008084af97c38a0cf8516a86c69ed77bb799c741bd
SSDEEP

3072:J2kvwRj+omjgjHygjF/Q19oOKIydR3/pSdGNjfUhasdlgY2QJ5xH/5o0TpDO:JAAwmxjYdOGNjfUQsjgHQJD/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c81bf77d0941bcd625fff5d2b4f77c0a_JaffaCakes118

Files

c81bf77d0941bcd625fff5d2b4f77c0a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2ae2e48364d2d43027decf437012b9a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

smlogsvc.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ReportEventW
RegSetValueExW
SetServiceStatus
RegEnumKeyExW
QueryTraceW
CreateProcessAsUserW
UpdateTraceW
DeregisterEventSource
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
RegisterEventSourceW
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StopTraceW
EnableTrace
StartTraceW
WmiNotificationRegistrationW

kernel32

FormatMessageW
LoadLibraryW
lstrcpyW
HeapFree
lstrlenW
HeapAlloc
GetProcessHeap
CloseHandle
GetLastError
CreateFileW
SetErrorMode
ExpandEnvironmentStringsW
SystemTimeToFileTime
GetLocalTime
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
lstrcmpiW
CreateDirectoryW
GetFullPathNameW
lstrcpynW
CreateProcessW
SetEvent
CreateThread
CreateEventW
GetSystemTimeAsFileTime
DeleteCriticalSection
WaitForMultipleObjects
ResetEvent
Sleep
InitializeCriticalSection
FreeLibrary
lstrcatW
SetLastError
SetThreadPriority
GetCurrentThread
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
WideCharToMultiByte
ExitProcess
GetProcAddress
GetModuleHandleA
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualProtect
GetSystemInfo
VirtualQuery
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind
InterlockedExchange
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetModuleHandleW

user32

LoadStringW

ntdll

NtWaitForSingleObject
NtWaitForMultipleObjects

netapi32

NetMessageBufferSend

shlwapi

ord439

pdh

PdhPlaGetLogFileNameW
PdhPlaGetInfoW
PdhiPlaRunAs
PdhSetDefaultRealTimeDataSource
PdhAddCounterW
PdhAdd009CounterW
PdhGetFormattedCounterValue
PdhCollectQueryData
PdhCloseQuery
PdhOpenQueryH
PdhGetLogFileSize
PdhCloseLog
PdhUpdateLogW
PdhOpenLogW
PdhExpandWildCardPathW
PdhParseCounterPathW
PdhTranslateLocaleCounterW
PdhiPlaFormatBlanksW

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ae2e48364d2d43027decf437012b9a4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

ntdll

netapi32

shlwapi

pdh

Sections

.text Size: 66KB - Virtual size: 65KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 18KB - Virtual size: 17KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 66KB - Virtual size: 65KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 18KB - Virtual size: 17KB

UPX0
Size: 144KB - Virtual size: 380KB