c8cede55f4c3ddf39bf41aba26c8e8fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8cede55f4c3ddf39bf41aba26c8e8fe_JaffaCakes118
Size

248KB
MD5

c8cede55f4c3ddf39bf41aba26c8e8fe
SHA1

2119ee7f99caef0c2809bf441ec0ae337a68fdb0
SHA256

c1a27e8f634ffa2aacd446e90bd1e1101252286accc67b934289b2b7d967e116
SHA512

5ff0ebfb8905f2be0118a5785e420a740ef34604fea1b566c189eacf7520599f2fd2275051b74c9f4617d341c0be8e38407efdf68919640982fb33f565a3d963
SSDEEP

6144:Z4gN/wkSOSAiw3DuWQe1GXKz2hKDWfLt0Mocm/Vb:GgtwCPiwChK0LLocmx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8cede55f4c3ddf39bf41aba26c8e8fe_JaffaCakes118

Files

c8cede55f4c3ddf39bf41aba26c8e8fe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a0c7f8389affccb7626c67ee6702ea9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

sqlwoa

_MessageBox@16
_SendMessage@16
_MAKEINTRESOURCE@4
_FindResource@12
_SetWindowText@8
_CreateFontIndirect@4
_LoadLibrary@4
_GetComputerName@8
_LoadString@16
_DefWindowProc@16
_CreateFile@28

sqlwid

GetProcAddress_

sqlswa

?_WriteFileS@@YAHPAXPBXKPAKPAU_OVERLAPPED@@@Z

kernel32

WideCharToMultiByte
CreateThread
GetVersion
FreeLibrary
SetErrorMode
lstrcpynW
HeapAlloc
GetModuleFileNameW
WriteFile
GetPrivateProfileStringW
GetCommandLineW
LoadLibraryW
lstrcatW
lstrcpyW
GetProcAddress
lstrlenW
CreateFileW
WaitForSingleObject
lstrlenA
LoadLibraryA
LockResource
CreateEventA
OpenEventA
UnmapViewOfFile
MapViewOfFile
SetLastError
GetLastError
LoadResource
DeleteFileW
GetShortPathNameW
CopyFileW
GetModuleHandleA
LocalFree
FormatMessageA
LoadLibraryExA
lstrcatA
GetModuleFileNameA
GlobalFree
GlobalAlloc
GetVersionExA
SetFilePointer
SetStdHandle
FlushFileBuffers
GetLocaleInfoW
GetLocaleInfoA
GetFileType
GetStringTypeA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
Sleep
GetExitCodeThread
CloseHandle
HeapFree
GetProcessHeap
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryA
GetStringTypeW
GetStdHandle
SetHandleCount
GetOEMCP
GetACP
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LCMapStringW
LCMapStringA
MultiByteToWideChar
InterlockedDecrement
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
RtlUnwind

user32

TranslateMessage
wsprintfA
wsprintfW
GetDesktopWindow
GetClientRect
ClientToScreen
MoveWindow
GetWindowRect
GetSystemMetrics
SetWindowPos
DestroyWindow
PostQuitMessage
SetWindowTextA
GetDlgItem
ShowWindow
UpdateWindow
LoadIconA
LoadCursorA
RegisterClassExA
MessageBoxA

gdi32

DeleteObject

advapi32

FreeSid
OpenSCManagerW
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
QueryServiceConfigW
ChangeServiceConfigW
CreateServiceW
EnumDependentServicesW
StartServiceW
ControlService
DeleteService
QueryServiceStatus
AllocateAndInitializeSid
LookupAccountSidW
OpenServiceW
CloseServiceHandle

odbc32

ord75
ord145
ord23
ord150
ord135
ord136
ord9
ord111
ord31
ord24
ord141

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.nkh
Size: - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a0c7f8389affccb7626c67ee6702ea9

Headers

File Characteristics

Imports

sqlwoa

sqlwid

sqlswa

kernel32

user32

gdi32

advapi32

odbc32

Sections

.text Size: 52KB - Virtual size: 50KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 32KB - Virtual size: 37KB

.rsrc Size: 8KB - Virtual size: 5KB

.nkh Size: - Virtual size: 1B

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 52KB - Virtual size: 50KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 32KB - Virtual size: 37KB

.rsrc
Size: 8KB - Virtual size: 5KB

.nkh
Size: - Virtual size: 1B

UPX0
Size: 144KB - Virtual size: 380KB