c98f5911027bd9f9663e0edc3d2ca33d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c98f5911027bd9f9663e0edc3d2ca33d_JaffaCakes118
Size

176KB
MD5

c98f5911027bd9f9663e0edc3d2ca33d
SHA1

5e31ad3eb8371a62900daa3b211f4744db4177aa
SHA256

8bc4bae4d36b590015d8d00b0516c32bf6f2cf3ed40b449e91a1b13ab6441f2f
SHA512

4174ed5eeabe62347b2c146023051fb1c26c98c4b39d3aa2ebf22d4a5c2040187bb21ac615202c13fe842fe094818959d2aaad6bfe2fd0cea154cc798de8fec0
SSDEEP

3072:UjcW+9O+wo6V+cbUCzdb/S5xqSy9rIqlUUlC5+nTqFTtWhCa7O69OuhBMMnO:H79lwLV+chzdKi9rDUUo5+nTqhtWhB+p

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c98f5911027bd9f9663e0edc3d2ca33d_JaffaCakes118

Files

c98f5911027bd9f9663e0edc3d2ca33d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mnmsrvc.pdb

Imports

msvcrt

_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
_c_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
exit
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit

advapi32

RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegDeleteValueA
RegFlushKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DeleteService
OpenSCManagerA
RegQueryValueExA
SetServiceStatus
CloseServiceHandle
ChangeServiceConfigA
QueryServiceStatus
ControlService
OpenServiceA
CreateServiceA

kernel32

lstrcatA
CloseHandle
GetProcAddress
GetModuleHandleA
OpenEventA
Sleep
GetLastError
FreeLibrary
CompareStringA
GetVersionExA
CreateProcessA
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
CreateEventA
GetTickCount
SetEvent
SetConsoleCtrlHandler
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
GetComputerNameA
lstrlenA
SetCurrentDirectoryA
AddAtomA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpynA
LoadLibraryExA
InterlockedIncrement
GetModuleFileNameA

user32

SetForegroundWindow
GetForegroundWindow
CreateWindowExA
EnableMenuItem
GetSubMenu
LoadMenuA
GetCursorPos
SetFocus
LoadIconA
RegisterClassA
SetTimer
SystemParametersInfoA
DefWindowProcA
GetDesktopWindow
TrackPopupMenuEx
RemoveMenu
DestroyMenu
DestroyWindow
DestroyIcon
KillTimer
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PostQuitMessage
PeekMessageA
LoadStringA
CharNextA
wsprintfA

ole32

CoInitialize
CoGetClassObject
CoUninitialize

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocStringLen

shell32

Shell_NotifyIconA

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

shell32

crypt32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 428B

.rsrc Size: 8KB - Virtual size: 5KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 428B

.rsrc
Size: 8KB - Virtual size: 5KB

UPX0
Size: 144KB - Virtual size: 380KB